Building Lightweight Intrusion Detection System Based on Random Forest

  • Dong Seong Kim
  • Sang Min Lee
  • Jong Sou Park
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3973)


This paper proposes a new approach to building a lightweight Intrusion Detection System (IDS) based on Random Forest (RF). RF is a special kind of ensemble learning technique, and it turns out to perform very well compared to other classification algorithms such as Support Vector Machines (SVM) and Artificial Neural Networks (ANN). In addition, RF produces a measure of the importance of feature variables. Our approach is able not only to achieve high detection rates but also to identify a stable set of important features at the same time. The results of experiments on the KDD 1999 intrusion detection dataset indicate the feasibility of our approach.


Keywords: Support Vector Machine; Feature Selection; Random Forest; Classification Algorithm; Intrusion Detection
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dong Seong Kim (1)
  • Sang Min Lee (1)
  • Jong Sou Park (1)
  1. Network Security Lab., Computer Engineering Department, Hankuk Aviation University, Goyang-city, Gyeonggi-do, Korea
