Research Article
Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems
Wathiq Laftah Al-Yaseen,1,2 Zulaiha Ali Othman,1 and Mohd Zakree Ahmad Nazri1
1 Data Mining and Optimization Research Group (DMO), Centre for Artificial Intelligence Technology (CAIT), School of Computer Science, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia (UKM), 43600 Bandar Baru Bangi, Malaysia
2 Al-Furat Al-Awsat Technical University, Iraq
Correspondence should be addressed to Wathiq Laftah Al-Yaseen; banenwathiq@yahoo.com
Received 21 April 2015; Accepted 2 June 2015
Academic Editor: Nirupam Chakraborti
Copyright © 2015 Wathiq Laftah Al-Yaseen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of network traffic and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing several algorithms. This paper proposes an intrusion detection system that hybridizes modified K-means with C4.5 in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. The KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed on the JADE platform. The results show that, compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.
1. Introduction
With the growing demand for the services provided by networks, the availability, confidentiality, and integrity of critical information have become increasingly at risk from misuse [1–3]. Firewall systems alone provide insufficient protection from unwanted access to this important information due to their inability to protect networks from intruders using open ports [4–6]. An Intrusion Detection System (IDS) is one of the system security infrastructures that attempts to detect malicious activities, such as denial of service attacks and port scans, by monitoring and analyzing events occurring on networks and computers [1, 7]. In terms of intrusion detection, IDS can be classified as either host-based or network-based. The host-based IDS (HIDS) observes the behavior and state of the computer activities and detects the programs that can gain access to resources. On the other hand, the network-based IDS (NIDS) monitors the network traffic (traffic volume, service ports, IP addresses, and protocol usage) and analyzes it to identify suspicious activities [8–10]. In general, IDS can be implemented using two approaches: rule-based detection and anomaly-based detection [1, 10]. Rule-based detection (also known as misuse or signature-based detection) searches for specific signature patterns previously stored in the rules database. Snort is one of the popular systems that detect intrusions based on rules [11]. The disadvantage of rule-based detection is its inability to detect new attacks, as these have no signatures in the database [4]. Thus, rule-based detection will increase the percentage of false negative results. On the other hand, the anomaly-based detection approach constructs models of all normal activities from the observed data and then alerts on any behavior or activity that deviates from this model [12]. The main advantage of anomaly-based detection stems from its capability to detect novel attacks, which are different from the already learned attacks. However, its drawback is the increased likelihood of classifying normal behavior as attacks, thus increasing the false positive rate [13].
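The trade-off described above, as an added example that is not part of the original article: a signature check and a simple z-score baseline are run over constructed connection records. The feature names follow KDD Cup 1999 fields; all values, the single signature, and the threshold are assumptions, and the z-score model stands in for a generic anomaly detector, not for the paper's hybrid method.

```python
from statistics import mean, stdev

# Feature names borrowed from KDD Cup 1999; every value below is constructed.
FEATURES = ("src_bytes", "count", "serror_rate")

# Constructed "normal" connections used to learn the anomaly baseline.
NORMAL_TRAIN = [
    (300, 4, 0.0), (520, 6, 0.0), (410, 3, 0.05), (280, 5, 0.0),
    (630, 8, 0.1), (350, 2, 0.0), (470, 7, 0.0), (390, 4, 0.05),
]

# Constructed test records: (true label, description, feature values).
TEST = [
    ("attack", "SYN flood, signature on file", (0, 250, 1.0)),
    ("attack", "novel bulk transfer, no signature", (5_000_000, 2, 0.0)),
    ("normal", "nightly backup upload", (900_000, 3, 0.0)),
    ("normal", "ordinary web request", (400, 5, 0.0)),
]

# Rule database: hypothetical signature for one known attack pattern.
SIGNATURES = {
    "syn_flood": lambda r: r["count"] >= 100 and r["serror_rate"] >= 0.9,
}

def rule_based(rec):
    """Alert only when a stored signature matches the record."""
    return any(sig(rec) for sig in SIGNATURES.values())

def fit_baseline(rows):
    """Model normal activity as a per-feature (mean, stdev) pair."""
    return [(mean(col), stdev(col)) for col in zip(*rows)]

BASELINE = fit_baseline(NORMAL_TRAIN)

def anomaly_based(rec, threshold=3.0):
    """Alert when any feature deviates more than `threshold` sigmas."""
    return any(abs(rec[f] - mu) / (sd or 1.0) > threshold
               for f, (mu, sd) in zip(FEATURES, BASELINE))

def evaluate(detector):
    """Count missed attacks and false alarms over the test records."""
    fn = fp = 0
    for label, _desc, values in TEST:
        alert = detector(dict(zip(FEATURES, values)))
        fn += int(label == "attack" and not alert)
        fp += int(label == "normal" and alert)
    return {"false_negatives": fn, "false_positives": fp}

if __name__ == "__main__":
    print("rule-based   :", evaluate(rule_based))
    print("anomaly-based:", evaluate(anomaly_based))
```

The rule-based detector misses the attack that has no stored signature, while the anomaly detector catches it but also alerts on the backup job, which is legitimate yet far from the learned baseline.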
Hindawi Publishing Corporation
The Scientific World Journal
Volume 2015, Article ID 294761, 14 pages
http://dx.doi.org/10.1155/2015/294761