On the designing of two grains levels network intrusion detection system

Despite the rapid progress of the information technology, protecting computers and networks remain a major problem for most authors. In this paper, two grains levels intrusion detection system (IDS) is suggested (fine-grained and coarse-grained). In normal case, where intrusions are not detected, the most suitable IDS level is the coarse-grained to increase IDS performance. As soon as any intrusion is detected by coarse-grained IDS, the fine-grained is activated to detect the possible attack details. Very fast decision tree algorithm is used in both of these detection levels. In order to ensure efficiency of the proposed model, it has been tested on KDD CUP 99 offline dataset and a real traffic dataset. Experimental results demonstrate that the proposed model is highly successful in detecting known and unknown attacks, and can be successfully adapted with packets' flow to increase IDS performance. This article explains how we got a detection rate greater than 93% with an average processing time equals to 3 10 6 s per example. © 2015 The Authors. Published and hosting by Elsevier B.V. on behalf of University of Kerbala. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).