IMPLEMENTATION OF A HYBRID APPROACH BASED ON INTELLIGENT DATA ANALYSIS METHODS IN INTRUSION DETECTION SYSTEMS
DOI: https://doi.org/10.28925/2663-4023.2025.30.966
Keywords: cyber defense, cyberattack, intrusion detection system, clustering method, support vector method, intelligent data analysis methods, database, correct and false recognition, principal component method, efficiency.
Abstract
The growth of cyber influence and its diversity in cyberspace require a proactive approach to the development of intelligent models and methods. These tools are necessary for effective data analysis and their application in the field of cyber countermeasures. It is critically important to research innovative solutions capable of navigating the complexities of large data sets. The goal of the research is to ensure not only the accuracy of the analysis but also the timely receipt of valuable information. Such research efforts are indispensable for meeting the growing demand for reliable data processing capabilities in various sectors. The development of information technology has led to a significant increase in the number of attacks on information system components, which has made intrusion detection an extremely relevant and critical task. In this context, data mining methods offer broad opportunities for application in various scientific and technical fields, including information security. This article studies the application of data mining methods in intrusion detection systems (IDS). The paper classifies intrusion detection systems according to various criteria and analyzes the mathematical apparatus of the selected methods. It also surveys popular data mining methods that are widely used to detect and counter cyber threats. Three methods are considered in detail as standalone methods: support vector machines (SVM), clustering, and principal component analysis (PCA); a hybrid intrusion detection method is then built on them. The effectiveness of the methods considered was evaluated using the true positive rate (TPR) and false positive rate (FPR). The hybrid method uses the principle of multi-layered protection: it combines the high accuracy of SVM for known threats with the high sensitivity of clustering/PCA for unknown threats, providing an optimal balance between true and false positives in a real environment.
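The following Python example is added here to illustrate the layered decision logic and the TPR/FPR evaluation the abstract describes; it is not the authors' implementation and does not reproduce their data. Layer 1 stands in for a trained SVM with a fixed linear decision function f(x) = w·x + b whose weights are constructed rather than learned; layer 2 stands in for clustering/PCA with a single-centroid distance rule fitted on a constructed baseline of normal traffic. The feature vectors, labels and thresholds are all constructed for the example.

```python
"""Layered (hybrid) intrusion detection with TPR/FPR evaluation.

Illustrative example only. Layer 1 (known threats) is a fixed linear decision
function of the form an SVM produces; layer 2 (unknown threats) is a
single-centroid anomaly rule fitted on normal traffic. All data is constructed.
"""
import math

# Constructed baseline of normal traffic used to fit the anomaly layer.
# Feature vector: (packets per second, distinct destination ports per second)
NORMAL_BASELINE = [(14.0, 2.0), (6.0, 2.0), (10.0, 4.0), (10.0, 0.0)]

# Constructed, labelled evaluation traffic: (features, is_attack)
EVAL_TRAFFIC = [
    ((10.0, 2.0), False),
    ((11.0, 3.0), False),
    ((9.0, 1.0), False),
    ((16.0, 4.0), False),   # legitimate burst, far from the baseline centroid
    ((10.0, 6.0), True),    # known pattern: elevated port fan-out, otherwise normal-looking
    ((12.0, 40.0), True),   # known pattern: aggressive port scan
    ((200.0, 2.0), True),   # unknown pattern: packet flood with no signature
    ((60.0, 3.0), True),    # unknown pattern: smaller flood
    ((8.0, 2.0), False),
    ((10.0, 3.0), False),
]

# Layer 1: "known threat" decision function f(x) = w.x + b (assumed weights, not trained).
SVM_W = (0.0, 1.0)
SVM_B = -4.5


def svm_layer(x):
    """Alert when the linear decision function is positive."""
    return SVM_W[0] * x[0] + SVM_W[1] * x[1] + SVM_B > 0


# Layer 2: anomaly detector = distance from the centroid of normal traffic.
def fit_anomaly_layer(baseline, margin=1.5):
    """Return (centroid, threshold); threshold = margin * largest baseline distance."""
    n = len(baseline)
    centroid = tuple(sum(p[i] for p in baseline) / n for i in range(2))
    max_dist = max(math.dist(p, centroid) for p in baseline)
    return centroid, max_dist * margin


def anomaly_layer(x, model):
    centroid, threshold = model
    return math.dist(x, centroid) > threshold


def hybrid(x, model):
    """Multi-layered protection: alert if either layer alerts."""
    return svm_layer(x) or anomaly_layer(x, model)


def rates(detector, traffic):
    """Compute (TPR, FPR) of a detector over labelled traffic."""
    tp = fp = fn = tn = 0
    for x, is_attack in traffic:
        alert = detector(x)
        if is_attack and alert:
            tp += 1
        elif is_attack:
            fn += 1
        elif alert:
            fp += 1
        else:
            tn += 1
    tpr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return tpr, fpr


def evaluate_all(baseline=NORMAL_BASELINE, traffic=EVAL_TRAFFIC):
    """Evaluate each layer alone and the hybrid; returns {name: (TPR, FPR)}."""
    model = fit_anomaly_layer(baseline)
    return {
        "svm_only": rates(svm_layer, traffic),
        "anomaly_only": rates(lambda x: anomaly_layer(x, model), traffic),
        "hybrid": rates(lambda x: hybrid(x, model), traffic),
    }


if __name__ == "__main__":
    for name, (tpr, fpr) in evaluate_all().items():
        print(f"{name:13s} TPR={tpr:.2f} FPR={fpr:.2f}")
```

On the constructed traffic the SVM layer alone detects only the two known patterns (TPR 0.5, FPR 0), the anomaly layer alone misses the known pattern that stays close to the normal centroid but catches the two floods while raising one false alert on the legitimate burst (TPR 0.75, FPR 1/6), and the OR-combined hybrid reaches TPR 1.0 while inheriting the anomaly layer's FPR of 1/6. This is the trade-off the abstract refers to: stacking a sensitive anomaly layer on top of an accurate signature-style layer raises detection of unknown threats at the cost of the anomaly layer's false positives.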
License
Copyright (c) 2025 Сергій Толюпа, Андрій Кулько

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.