Adaptive Anomaly Intrusion Detection System Using Optimized Hoeffding Tree

Anomaly Intrusion Detection System is used to identify a new attack in the network by identifying the deviations in the network traffic patterns. Though it identifies new attacks efficiently, the false alarm rate is usually high in this system. As there may be attack in the network at any time and as the input traffic varies over time, we need a model which efficiently identifies the change in the network traffic and adapts quickly to generate an alarm. In this paper we have proposed an adaptive anomaly intrusion detection model using stream mining approach which identifies the changes in the network and adapts the underlying model immediately. We have used optimized Hoeffding Tree where the prediction phase is optimized using Particle Swarm Optimization algorithm to increase the accuracy rate and to reduce the false alarm rate. Also the node splitting in Optimized Hoeffding Tree is controlled using error rate to keep the misclassification error rate and false alarm rate within considerable range. The results of our model are compared with the results of static intrusion detection models using unsupervised machine learning techniques. The experimental result shows that our model performed better in accuracy and false positive rate compared to the static models. We have used NSL KDD data set for our experiment.