Abstract
An intrusion detection system (IDS) gathers and analyzes information from various areas within a computer or a network to identify attacks made against these components. This research proposes an Intrusion Detection Model (IDM) for detecting intrusion attempts. The proposal is a hybrid IDM because it considers both features of network packets and host features that are sensitive to most intrusions. The dataset used to build the hybrid IDM is the proposed HybD (Hybrid Dataset), which is composed of the 41 features of the 10% KDD'99 dataset and 3 suggested host-based features. Two data mining (DM) classifiers, the Support Vector Machine (SVM) classifier and the Naïve Bayesian (NB) classifier, are used to build the proposed model and to verify its validity in terms of accuracy rate. The proposal tries to ensure the detection speed of the hybrid IDM by reducing the number of HybD features used, keeping only the features most critical to detection while preserving a high accuracy rate, without the degradation that such a reduction may cause. Two different measures are used for selecting and ranking the HybD features: Principal Component Analysis (PCA) and Gain Ratio (GR). The feature sets resulting from these two measures, together with the set of all features, are fed to both SVM and NB. The results obtained from executing the proposed model show that the accuracy rate of the SVM classifier is generally higher than that of the NB classifier with the three sets of features. With the SVM classifier, the best accuracy rate was obtained with the set of features selected by PCA. The most critical features obtained by PCA number 17 of the 44 features: three of the suggested host features and 14 of the 10% KDD'99 features.
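As an illustration of the Gain Ratio ranking step described above, the following added example (not the authors' code) ranks features of a small constructed, already-discretized sample and keeps the top-ranked ones. `protocol_type`, `flag` and `num_outbound_cmds` are KDD'99 feature names; `cpu_high` is a hypothetical host-based feature, since the abstract does not name its three host features.

```python
import math
from collections import Counter, defaultdict

# Constructed sample records (not from HybD). cpu_high is a hypothetical
# host-based feature; the other three are KDD'99 feature names.
FEATURES = ["protocol_type", "flag", "num_outbound_cmds", "cpu_high"]
ROWS = [dict(zip(FEATURES + ["label"], r)) for r in [
    ("tcp", "SF", 0, 0, "normal"),
    ("tcp", "SF", 0, 0, "normal"),
    ("udp", "SF", 0, 0, "normal"),
    ("udp", "SF", 0, 0, "normal"),
    ("tcp", "S0", 0, 1, "attack"),
    ("tcp", "S0", 0, 1, "attack"),
    ("udp", "S0", 0, 1, "attack"),
    ("tcp", "SF", 0, 1, "attack"),
]]

def entropy(values):
    """Shannon entropy (bits) of a list of discrete values."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(rows, feature, label="label"):
    """Information gain of `feature` about `label`, divided by split info."""
    n = len(rows)
    by_value = defaultdict(list)
    for row in rows:
        by_value[row[feature]].append(row[label])
    conditional = sum(len(g) / n * entropy(g) for g in by_value.values())
    info_gain = entropy([row[label] for row in rows]) - conditional
    split_info = entropy([row[feature] for row in rows])
    # A constant feature has zero split info and carries no information.
    return info_gain / split_info if split_info > 0 else 0.0

def rank_features(rows, label="label"):
    """Return (feature, gain ratio) pairs, highest gain ratio first."""
    names = [k for k in rows[0] if k != label]
    scored = [(name, gain_ratio(rows, name, label)) for name in names]
    return sorted(scored, key=lambda item: (-item[1], item[0]))

def select_top(rows, k, label="label"):
    """Names of the k highest-ranked features (the reduced feature set)."""
    return [name for name, _ in rank_features(rows, label)[:k]]

if __name__ == "__main__":
    for name, score in rank_features(ROWS):
        print(f"{name:20s} {score:.3f}")
```

The reduced feature set returned by `select_top` is what would then be passed to the classifiers in place of the full feature vector.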