Liao, J.-M.J.-M.LiaoLiu, J.-S.J.-S.LiuSHENG-DE WANG2020-06-042020-06-042018https://scholars.lib.ntu.edu.tw/handle/123456789/497285We propose a hybrid intrusion detection approach to detect network anomalies. The proposed approach uses a feature discrete method and a cluster analysis algorithm to separate the training samples into two groups, normal and anomaly groups, and then a new classification model is built to improve the performance of the sub group classification. We discretize the features of training samples by the method considering the interdependence between features and labels. Class information is added into the attributes to enhance the clustering results. For the anomaly group, several representative features are selected to construct a classification model to improve the overall classification performance. Two efficient machine learning algorithms, the Decision Tree algorithm and the Bayesian Network algorithm, are adopted in our experiment. The experiment results show that our method can increase both the normal and anomaly detection rate, precision and accuracy. For the classification of new types of modern attacks, our approach also can improve the overall accuracy. © Springer International Publishing AG, part of Springer Nature 2018.Contemporary attack detection; Intrusion detection system; Machine learning[SDGs]SDG16Bayesian networks; Big data; Classification (of information); Cluster analysis; Clustering algorithms; Computer crime; Data mining; Decision trees; Intelligent computing; Learning algorithms; Learning systems; Sampling; Trees (mathematics); Analysis algorithms; Attack detection; Classification models; Classification performance; Decision-tree algorithm; Hybrid intrusion detection; Intrusion Detection Systems; Overall accuracies; Intrusion detectionconference paper10.1007/978-3-319-76451-1_62-s2.0-85045341717https://www.scopus.com/inward/record.uri?eid=2-s2.0-85045341717&doi=10.1007%2f978-3-319-76451-1_6&partnerID=40&md5=a4a548e21109ada32df584ae965b63a6