Building Lightweight Intrusion Detection System Based on Random Forest

  • Conference paper
Advances in Neural Networks - ISNN 2006 (ISNN 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3973)

Abstract

This paper proposes a new approach to building a lightweight Intrusion Detection System (IDS) based on Random Forest (RF). RF is a special kind of ensemble learning technique, and it turns out to perform very well compared to other classification algorithms such as Support Vector Machines (SVM) and Artificial Neural Networks (ANN). In addition, RF produces a measure of the importance of feature variables. Our approach is able not only to show high detection rates but also to produce a stable set of important features at the same time. The results of experiments on the KDD 1999 intrusion detection dataset indicate the feasibility of our approach.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, D.S., Lee, S.M., Park, J.S. (2006). Building Lightweight Intrusion Detection System Based on Random Forest. In: Wang, J., Yi, Z., Zurada, J.M., Lu, BL., Yin, H. (eds) Advances in Neural Networks - ISNN 2006. ISNN 2006. Lecture Notes in Computer Science, vol 3973. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760191_33

  • DOI: https://doi.org/10.1007/11760191_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34482-7

  • Online ISBN: 978-3-540-34483-4

  • eBook Packages: Computer Science, Computer Science (R0)
