Authors

Abstract

Malicious software (malware) performs a malicious function that compromises a
computer system’s security. Many methods have been developed to improve the security
of computer system resources, among them the use of firewalls, encryption, and
Intrusion Detection Systems (IDS). An IDS can detect new, previously unrecognized attack
attempts and raise an early alarm to inform the system about the suspicious intrusion
attempt. This paper proposes a hybrid IDS for intrusion detection, especially of malware,
that considers both network packet and host features. The hybrid IDS is designed using
Data Mining (DM) classification methods, chosen for their ability to detect new, previously
unseen intrusions accurately and automatically. It uses both anomaly and misuse detection
techniques, with two DM classifiers (Interactive Dichotomizer 3 (ID3) classifier and
Naïve Bayesian (NB) classifier) used to verify the validity of the proposed system in terms
of accuracy rate. A proposed HybD dataset is used in training and testing the hybrid IDS.
Feature selection is used so that the classification decision considers the intrinsic
features; this is accomplished using three different measures: the Association Rules (AR)
method, the ReliefF measure, and the Gain Ratio (GR) measure. The NB classifier with the
AR method gave the most accurate classification results (99%), with a false positive (FP)
rate of 0% and a false negative (FN) rate of 1%.

Keywords