Skip to Main Content
We propose in this paper a novel network intrusion detection framework based on learning techniques. The main goal of our framework is to detect known as well as unknown or novel attacks on networks. Our detection approach combines three learning techniques, namely inductive logic programming (ILP), genetic programming (GP) and Bayesian probability theorem. Each technique detects the intrusion independently and then makes a decision about whether the network behavior is intrusive or normal. A voting mechanism is proposed to give the final intrusion decision. In theory, our framework has lower false alarm rate than other approaches since we use the voting mechanism and combine several detection techniques.