A random-forests-based classifier using class association rules and its application to an intrusion detection system

With the rapid developments of network technology, devices connected to the network in a variety of fields have increased, and then, network security has become more important. Rule-based classification for intrusion detection is useful, because it is not only easily understood by humans, but also accurate for the classification of new patterns. Genetic network programming (GNP) is one of the rule-mining techniques as well as the evolutionary-optimization techniques. It can extract rules efficiently even from an enormous database, but still needs more accuracy and stability for practical use. This paper describes a classification system with random forests, employing weighted majority vote in the classification to enhance its performance. For the performance evaluation, NSL-KDD (Network Security Laboratory-Knowledge Discovery and Data Mining) data set is used and the proposed method is compared with the conventional methods, including other machine-learning techniques (Random forests, SVM, J4.8) in terms of the accuracy and false positive rate.