Nowadays, the intrusion detection system (IDS) has become one of the most important weapons against cyber-attacks. The simple single-level IDS cannot detect both attack types and normal behaviour with high detection rate. To overcome this limit, we propose a new approach for intrusion detection. The idea of this paper is to use two different classifiers iteratively, where each-iteration represents one level in the built model. To ensure the adaptation of our model, we add a new level whenever the sum of new attacks and the rest of the training dataset reaches the threshold. To build our model, we have used Fuzzy Unordered Rule Induction Algorithm and Random Forests as classifiers. The experiment on the KDD99 dataset shows the high performance of our model that demonstrates its ability to detect the low frequent attack without losing their high performance in the detection of frequent attack and normal behaviour. Furthermore, our model gives the highest detection rate and the highest accuracy, compared with some models well known in the literature related to intrusion detection.
Read full abstract