International Journal of Network Security
In this paper, a novel hybrid model is being proposed for misuse and anomaly detection. C4.5 based binary decision trees are used for misuse and CBA (Classification Based Association) based classifier is used for anomaly detection. Firstly, the C4.5 based decision tree separates the network traffic into normal and attack categories. The normal traffic is sent to anomaly detector and parallel attacks are sent to a decision trees based classifier for labeling with specific attack type. The CBA based anomaly detection is a single level classifier where as the decision trees based misuse detector is a sequential multi-level classifier which labels one attack at a time in a step by step manner.