Enhancing Hybrid Intrusion Detection and Prevention System for Flooding Attacks Using Decision Tree

Abstract

Computer networks are being attacked every day. Intrusion detection systems (IDS) are used to detect and reduce effects of these attacks and it use two types of techniques signature based or anomaly based detection for detecting known and unknown attacks. The currently used of hybrid intrusion detection systems that based on signature and anomaly based detection techniques was became inefficient for detecting attacks because it have nearly less than or equal to 95.5% for the detection rate and 1.8% for false positive rate, nowadays these values are unsatisfied for the detection so that the important of enhancing the hybrid intrusion detection system it become most needs. In this study, the enhanced hybrid intrusion detection has been proposed to provide better results with high accuracy of the detection rate and reduce the value of false positive rate that will done by proposing new method based on decision tree of data mining techniques that is based on C4.5 algorithm via using java programming language with NSL-KDD dataset which is used weka and snort engine to detects and prevent the a portion of flooding attacks that are tested. The results show that the proposed model is more efficient and it gives better optimum results that nearly reach to 100% for the detection rate and it’s also reduces the number of false positive when it compares with previous results of intrusion detection systems.