Abstract

Decision trees and hierarchical clustering each have their own advantages and disadvantages when applied to intrusion detection. To compensate for each other's shortcomings and find an optimal balance between them, a multiple-level hybrid intrusion detection system based on hierarchical clustering and decision trees is proposed. Misuse modules and anomaly modules are organized in a multiple-level hybrid tree. According to actual performance, either the misuse module or the anomaly module is selected as the detector. A series of experimental results on the well-known KDD Cup 1999 data sets indicate that the hybrid model has good performance in both detection and real-time operation.

  • Publication date: 2013
