On the designing of two grains levels network intrusion detection system


Despite the rapid progress of the information technology, protecting computers and networks remain a major problem for mostauthors. In this paper, two grains levels intrusion detection system (IDS) is suggested (fine-grained and coarse-grained). In normalcase, where intrusions are not detected, the most suitable IDS level is the coarse-grained to increase IDS performance. As soon asany intrusion is detected by coarse-grained IDS, the fine-grained is activated to detect the possible attack details. Very fast decisiontree algorithm is used in both of these detection levels. In order to ensure efficiency of the proposed model, it has been tested onKDD CUP 99 offline dataset and a real traffic dataset. Experimental results demonstrate that the proposed model is highly successfulin detecting known and unknown attacks, and can be successfully adapted with packets' flow to increase IDS performance.This article explains how we got a detection rate greater than 93% with an average processing time equals to 3 106 s perexample.