
Enhanced Data Mining and Decision Tree Techniques for Network Intrusion Detection System


Abstract


A network intrusion detection system (IDS) is a security layer that detects ongoing intrusive activity in computer networks. The major problem with an IDS is that it typically generates so many alarms that the system operator is overwhelmed, and many of these are false alarms. Although smart intrusion detection strategies are used to detect false alarms within the critical network subnets of network infrastructures, reducing false positives is still a major challenge.

Up to now, these strategies focus on either detection or response features, but often lack both features together. Without considering those features together, intrusion detection systems will probably not achieve high detection at low false alarm rates. To offset the constraints mentioned above, this paper proposes a technique that emphasises detection through statistical analysis of both attack and normal traffic based on the KDD Cup 99 training data set. The technique also includes a hybrid statistical approach using Data Mining and Decision Tree Classification, which reduces the misclassification of false positives and distinguishes between real attacks and false positives in the KDD Cup 99 data.

This technique can therefore be used to evaluate and enhance the capability of the IDS to detect, and at the same time respond to, threats and benign traffic in critical network subnets and in application and database infrastructures.
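The following is an added illustration, not code from the paper: a small information-gain decision tree (ID3-style, with numeric threshold splits) trained on constructed KDD Cup 99-style connection records, compared against a single-threshold alarm rule to show how the tree lowers the false-positive rate while keeping detection. The feature names follow the KDD Cup 99 schema, but every record value, the `naive_alert` rule and the evaluation on the training records themselves are assumptions made for the demonstration.

```python
import math
from collections import Counter

FEATURES = ["src_bytes", "dst_bytes", "count", "serror_rate"]
# Constructed KDD Cup 99-style records (NOT real KDD data): (features, label). Two "normal"
# rows are busy servers with a high connection count, which a count-only threshold alarm misreads.
RECORDS = [
    ({"src_bytes": 181, "dst_bytes": 5450, "count": 8, "serror_rate": 0.0}, "normal"),
    ({"src_bytes": 239, "dst_bytes": 486, "count": 150, "serror_rate": 0.0}, "normal"),
    ({"src_bytes": 300, "dst_bytes": 8000, "count": 200, "serror_rate": 0.02}, "normal"),
    ({"src_bytes": 105, "dst_bytes": 146, "count": 1, "serror_rate": 0.0}, "normal"),
    ({"src_bytes": 0, "dst_bytes": 0, "count": 123, "serror_rate": 1.0}, "attack"),
    ({"src_bytes": 0, "dst_bytes": 0, "count": 280, "serror_rate": 1.0}, "attack"),
    ({"src_bytes": 0, "dst_bytes": 0, "count": 255, "serror_rate": 0.98}, "attack"),
    ({"src_bytes": 0, "dst_bytes": 0, "count": 94, "serror_rate": 1.0}, "attack"),
]

def naive_alert(x):  # stand-in for a single-threshold signature: many connections -> alarm
    return "attack" if x["count"] > 100 else "normal"
def entropy(labels):  # Shannon entropy of a label multiset, in bits
    return -sum(c / len(labels) * math.log2(c / len(labels)) for c in Counter(labels).values())
def best_split(rows):  # (gain, feature, threshold) with the highest information gain
    base, best = entropy([y for _, y in rows]), None
    for f in FEATURES:
        for t in sorted({x[f] for x, _ in rows}):
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            if left and right:
                gain = base - (len(left) * entropy(left) + len(right) * entropy(right)) / len(rows)
                if best is None or gain > best[0]:
                    best = (gain, f, t)
    return best
def build(rows, depth=0, max_depth=3):  # leaf = label; node = (feature, threshold, left, right)
    labels = [y for _, y in rows]
    split = None if len(set(labels)) == 1 or depth == max_depth else best_split(rows)
    if split is None or split[0] <= 0:
        return Counter(labels).most_common(1)[0][0]  # majority label at this leaf
    _, f, t = split
    return (f, t, build([r for r in rows if r[0][f] <= t], depth + 1, max_depth),
            build([r for r in rows if r[0][f] > t], depth + 1, max_depth))
def predict(tree, x):
    while isinstance(tree, tuple):
        tree = tree[2] if x[tree[0]] <= tree[1] else tree[3]
    return tree
def rates(classify, rows):  # (false-positive rate on normal rows, detection rate on attack rows)
    fp = [classify(x) == "attack" for x, y in rows if y == "normal"]
    tp = [classify(x) == "attack" for x, y in rows if y == "attack"]
    return sum(fp) / len(fp), sum(tp) / len(tp)
TREE = build(RECORDS)
```

On these records the threshold rule alarms on both busy servers (false-positive rate 0.5) and misses the low-count SYN-error attack, whereas the learned tree splits on `src_bytes` and separates the two classes; on real KDD Cup 99 data a held-out split, not the training rows, would be needed to measure that.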


Keywords

Intrusion Alert, False Positive, False Negative, Intrusion Detection System, Data Mining, Decision Tree Classification, Network Subnets