2015, Journal of emerging technologies and innovative research
Network Security has become the key foundation with the tremendous increase in usage of network-based services and information sharing on networks. Intrusion poses a serious risk to the network security and compromise integrity, confidentiality & availability of the computer and network resources. Human classification of network audit data is expensive, time consuming and a tedious job. Intrusion Detection System (IDS) is one of the looms to detect attacks and anomalies in the network. Data mining technique has been widely applied in the network intrusion detection system by extracting useful knowledge from large number of network data. In this paper a hybrid model is proposed that integrates Anomaly based Intrusion detection technique with Signature based Intrusion detection technique is divided into two stages. In first stage, the signature based IDS SNORT is used to generate alerts for anomaly data. In second stage, data mining techniques "k-means + CART" is used to cas...
International Journal of Advanced Research in Computer Science and Electronics Engineering, 2012
As network attacks have increased in number and severity over the past few years, intrusion detection system (IDS) is increasingly becoming a critical component to secure the network. Due to large volumes of security audit data as well as complex and dynamic properties of intrusion behaviors, optimizing performance of IDS becomes an important open problem that is receiving more and more attention from the research community. Intrusion poses a serious security risk in a network environment. The ever growing new intrusion types pose a serious problem for their detection. The human labeling of the available network audit data instances is usually tedious, time consuming and expensive. In this paper, we apply one of the efficient data mining algorithms called k-means clustering via naïve bayes classification for anomaly based network intrusion detection. Experimental results on the KDD cup'99 data set show the novelty of our approach in detecting network intrusion. It is observed that the proposed technique performs better in terms of Detection rate when applied to KDD'99 data sets compared to a naïve bayes based approach.
International Journal of Modern Trends in Engineering and Research, 2014
Intrusion detection is a pivotal and essential requirement of today’s era. There are two major side of Intrusion detection namely, Host based intrusion detection as well as network based intrusion detection. In Host based intrusion detection system, it monitors the information arrive at the particular machine or node. While in network based intrusion system, it monitor and analyze whole traffic of network. Data mining introduce latest technology and methods to handle and categorize types of attacks using different classification algorithm and matching the patterns of malicious behavior. Due to the use of this data mining technology, developers extract and analyze the types of attack in the network. In addition to this there are two major approach of intrusion detection. First, anomaly based approach, in which attacks are found with high false alarm rate. However, in signature based approach, false alarm rate is low with lack of processing of novel attacks. Most of the researchers do their research based on signature intrusion with the purpose to increase detection rate. Major advantage of this system, IDS does not require biased assessment and able to identify massive pattern of attacks. Moreover, capacity to handle large connection records of network. In this paper we try to discover the features of intrusion detection based on data mining technique.
Intrusion Detection System used to discover attacks against computers and network Infrastructures. There are many techniques used to determine the IDS such as Outlier Detection Schemes for Anomaly Detection, K-Mean Clustering of monitoring data, classification detection and outlier detection. The data mining approaches help to determine what meets the criteria as an intrusion versus normal traffic, whether a system uses anomaly detection, misuse detection, target monitoring, or stealth probes. This paper attempts to evaluate, categorize, compares and summarizes the performance of data mining techniques to detect the intrusion.
With the tremendous growth of the usage of computers over network and development in application running on various platform captures the attention toward network security. This paradigm exploits security vulnerabilities on all computer systems that are technically difficult and expensive to solve. Hence intrusion is used as a key to compromise the integrity, availability and confidentiality of a computer resource. The Intrusion Detection System (IDS) plays a vital role in detecting anomalies and attacks in the network. In this work, data mining concept is integrated with an IDS to identify the relevant, hidden data of interest for the user effectively and with less execution time. Four issues such as Classification of Data, High Level of Human Interaction, Lack of Labeled Data, and Effectiveness of Distributed Denial of Service Attack are being solved using the proposed algorithms like EDADT algorithm, Hybrid IDS model, Semi-Supervised Approach and Varying HOPERAA Algorithm respectively. Our proposed algorithm has been tested using KDD Cup dataset. All the proposed algorithm shows better accuracy and reduced false alarm rate when compared with existing algorithms.
International Journal of Advances in Applied Sciences (IJAAS), 2018
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
VAWKUM Transactions on Computer Sciences
As the research increased in computer science highlight the scientists mind for the growing research world towards security. Researchers have done a lot of research work in network Security. Cybersecurity has progressively become a zone of alarm for officials, Government agencies and industries, including big commercialized infrastructure, are under attack daily. First signature-based intrusion detection systems were developed, and it detects only novel attacks. To detect strange attacks statistical IDS came into being recognized as anomaly-based IDS. It is not as much efficient as it detects all. In this, study the author focus on the efficiency of IDS using NSL-KDD99 dataset and support vector machine (SVM) technique to identify attacks. NSL-KDD dataset is used for the evaluation of these type of systems.
2014
Nowadays security is the primary concern in the field of computer science. Intrusion detection system provides stronger security services with the help of rules. Intrusion Detection System (IDS) has recently emerged as an important component for enhancing information system security. However, constructing and maintaining a misuse intrusion detection system for a network is labor-intensive, since attack scenarios and patterns need to be analyzed and categorized. Moreover, the rules corresponding to the scenarios and patterns need to be carefully hand-coded. In such situations, data mining can be used to ease this inconvenience. Almost all existing intrusion detection systems focus on attacks at low-level, and only produced isolated alerts. It is known that existing IDS can’t find any type of logical relations among alerts. This research proposes an intrusion detection system that uses a combination of classification and clustering algorithms to detect intrusions. Basically th...
Communications in Computer and Information Science, 2012
The aim of this study is to simulate a network traffic analyzer that is part of an Intrusion Detection System (IDS), the main focus of research is data mining and for this type of application the steps that precede the data mining: data preparation (possibly involving cleaning data, data transformations, selecting subsets of records, data normalization) are considered fundamental for a good performance of the classifiers during the data mining stage. In this context, this paper discusses and presents as a contribution not only the classifiers that were used in the problem of intrusion detection, but also the initial stage of data preparation. Therefore, we tested the performance of three classifiers on the KDDCUP'99 benchmark intrusion detection dataset and selected the best classifiers. We initially tested a Decision Tree and a Neural Network using this dataset, suggesting improvements by reducing the number of attributes from 42 to 27 considering only two classes of detection, normal and intrusion. Finally, we tested the Decision Tree and Bayesian Network classifiers considering five classes of attack: Normal, DOS, U2R, R2L and Probing. The experimental results proved that the algorithms used achieved high detection rates (DR) and significant reduction of false positives (FP) for different types of network intrusions using limited computational resources.
Network intrusion detection is very important mechanism for detecting intrusions in networks. Data mining techniques play very important role in detecting intrusions in networks. Intrusions cause damage to the data and compromise integrity and confidentiality and availability of the data. Though many intrusions preventing software's are developed and installed in network stations and network operating systems still finds vulnerabilities of the systems using network hacking techniques and tries to break the security walls of the system and enters despite the intrusion preventive mechanism built in. Hence network administrators and data management team feels the intrusion detection techniques are essential in-order to know that intrusion occurred or not and track them in and out entries in the network, so that steps can be taken for further for preventing intrusions or to block the intrusions that keep coming in. Though in corporate world many intrusion detection software's and detections techniques of different solutions are being developed still the people are not satisfied with the performance of the IDS. So many researches are still carrying on in this area to seek efficient techniques which are used for Intrusion detection. In this research papers gives the idea of what is network intrusion detection system and what it supposed to do and what are the problems with this technology and finally focus on Data Mining Techniques & data mining process to build more effective intrusion detection systems.

1. INTRODUCTION

In the field of networking the area of security comprise policies adapted by the network administrator to prevent and monitor unauthorized access. Network security involves authorization of network access which is controlled by the network administrator. Internet is network of networks and not network of host. In information security the Network Intrusions are the activities that violate the security norms of the network system.

Network Intrusion Detection system is Mechanism used to identify, monitor intrusions that travel through on a network wire and analyze the traffic packets on a network for intrusion detection. The main goal of the network IDS is to identify the attacks and security threats as and when happen by providing the real time network monitoring and second provide attack information to the network administrator and third fix the attacks by taking preventing measures and finally store attack events in the disk for analysis to identify which is normal and intrusion. [1] We need intrusion detection techniques looking at a perspective of building a secure network. Secure a network first analyzing the vulnerability of the network environment. In second line of defense is intrusion prevention system. If the prevention fails the intrusion detection system comes in to the picture. If Intrusion detection system do fails (for example denial of service) then we want to rely on intrusion respond/tolerance systems. In this paper mainly focused on Intrusion detection system and their techniques. Intrusion detection to work First assumption is that system activities can be or are observable, second assumption is that normal and intrusive activities must have distinct evidence. The goal of intrusion detection is to analyze audit data and find out the evidence of Intrusion. Main techniques used are misuse detection & Anomaly detection. Misuse detection which is based on patterns finding of well known attack and anomaly detection which based on deviation from normal pattern usage of system. This paper gives new ideas and insights on the intrusion detection development process using data mining and focuses mainly on intrusion detection techniques. [16]

2. DRAWBACKS OF CURRENT INTRUSION DETECTION TECHNIQUES

The reasons for drawbacks of current state of intrusion detection techniques mainly due to Poor theoretical foundations and development methodology, development process to develop intrusion detection systems. So most of the IDS pure based knowledge on software engineering techniques involves studying particular network configuration, operating system environment and application software and possible attack methods that can be launched, so based on that knowledge IDS developed and hoping that will work. But the networking environment really too complicated. So just going through software engineering process is very slow and very expensive process. [2]
The prosperity of technology worldwide has made the concerns of security tend to increase rapidly. The enormous usage of internetworking has raised the need of protecting system(s) as well as network(s) from the unauthorized access (intrusion). To tackle the intrusive activities, several countermeasures have been found in literature viz. firewall, antivirus and currently widely preferred Intrusion detection System (IDS). IDS, is a detection mechanism for detecting the intrusive activities hidden among the normal activities. The revolutionary establishment of IDS has attracted analysts to work dedicatedly enabling the system to deal with technological advancements. Hence in this regard, various beneficial schemes and models have been proposed in order to achieve enhanced IDS. This paper proposes a novel hybrid model for intrusion detection. The proposed framework in this paper may be expected as another step towards advancement of IDS. The framework utilizes the crucial data mining classification algorithms beneficial for intrusion detection. The Hybrid framework would henceforth, will lead to effective, adaptive and intelligent intrusion detection.
Data mining has been gaining popularity in knowledge discovery field, particularity with the increasing availability of digital documents in various languages from all around the world. Network intrusion detection is the process of monitoring the events occurring in a computing system or network and analyzing them for signs of intrusions. In this paper, intrusion detection & several areas of intrusion detection in which data mining technology applied are discussed. Data mining techniques are used to discover consistent and useful patterns of system features that describe program and user behavior. Data mining can improve variant detection rate, control false alarm rate and reduce false dismissals. By using these set of relevant system features to compute classifiers that recognize anomalies & known intrusion.
Data mining has been gaining popularity in knowledge discovery field, particularity with the increasing availability of digital documents in various languages from all around the world. Network intrusion detection is the process of monitoring the events occurring in a computing system or network and analysing them for signs of intrusions. In this paper, intrusion detection & several areas of intrusion detection in which data mining technology applied are discussed. Data mining techniques are used to discover consistent and useful patterns of system features that describe program and user behaviour. Data mining can improve variant detection rate, control false alarm rate and reduce false dismissals. By using these set of relevant system features to compute classifiers that recognize anomalies & known intrusion.
With the growth of cyber-attacks as observed over the last couple of decades safety, protection and privacy of information has become a major concern for organizations across the globe. Intrusion detection systems (IDSs) have thus gained important place and play a key role in detecting large number of attacks. There are a number of intrusion detection systems in market and most of them have the problem of having a relatively large number of false positives. Hence a need has arisen in the networking society of addressing the issue of false alarm and false positives and has resulted in an interest for researchers in IDS area. The main motivation of this research is in enhancing the performance of different data mining techniques to handle the alerts, reduce them and classify real attacks and reduce false positives. In this paper, the authors propose a novel hybrid model of RT and PART as to lower the rate of false positives. The algorithms are first trained for detecting attacks on KDD99 Dataset and then are tested on live traffic to classify whether the flow is normal or there are attacks. Random Tree (RT) and PART algorithms statistically validate the experimental results. The Hybrid framework on comparative analysis outperforms its counterparts and may lead to improved intelligent intrusion detection.
International Journal of Computer Applications, 2016
In today's world people are extensively using internet and thus are also vulnerable to its flaws. Cyber security is the main area where these flaws are exploited. Intrusion is one way to exploit the internet for search of valuable information that may cause devastating damage, which can be personal or on a large scale. Thus Intrusion detection systems are placed for timely detection of such intrusion and alert the user about the same. Intrusion Detection using hybrid classification technique consist of a hybrid model i.e. misuse detection model (AdTree based) and Anomaly model (SVM based). NSL-KDD intrusion detection dataset plays a vital role in calibrating intrusion detection system and is extensively used by the researchers working in the field of intrusion detection. This paper presents Association rule mining technique for IDS.
International Journal of Computer Applications, 2014
With the growth of hacking and exploiting tools and invention of new ways of intrusion, Intrusion detection and prevention is becoming the major challenge in the world of network security. It is becoming more demanding due to increasing network traffic and data on Internet. There are various approaches being utilized in intrusion detections, but unfortunately any of the systems so far is not completely flawless. So, the quest of betterment continues. Intrusion detection systems using data mining approaches make it possible to search patterns and rules in large amount of audit data. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Unsupervised learning methods are efficient in detecting unknown attacks in large datasets. In this paper we investigate clustering approaches for network intrusion detection. We carried out our experiments on K-means clustering algorithm and measured the performance based on detection rates and false positive rate with different cluster values. The KDD dataset which is freely available online is used for our experimentation and results are compared. Our intrusion detection system using clustering approach is able to detect different types of intrusions, while maintaining a low false positive rate.
Information security is one of the cornerstones of Information Society. Integrity and privacy of financial transactions, personal information and critical infrastructure data, all depend on the availability of strong and trustworthy security mechanisms. In recent years, many researchers are using data mining techniques for building IDS. Here, we propose a new approach by utilizing data mining techniques such as neuro-fuzzy and radial basis support vector machine (SVM) for helping IDS to attain higher detection rate. The proposed technique has four major steps: primarily, k-means clustering is used to generate different training subsets. Then, based on the obtained training subsets, different neuro-fuzzy models are trained. Subsequently, a vector for SVM classification is formed and in the end, classification using radial SVM is performed to detect intrusion has happened or not. To illustrate the applicability and capability of the new approach, the results of experiments on KDD CUP 1999 dataset is demonstrated. Experimental results shows that our proposed new approach do better than Conditional random fields (CRF) with respect to specificity and detection accuracy.
2016
With significant advancement of web, security of system activity is turning into a major issue PC system framework. Cyber attacks on system are expanding day-by-day. Intrusion is considered as most pitched attack on system traffic. Intrusion recognition framework has been utilized for finding out intrusion and to protect the security objectives of data from attacks. Data mining systems are utilized to screen and investigate extensive measure of system information and group this system information into anomalous and typical information. Since information originates from different sources, system traffic is substantial. Data mining methods such as classification and clustering are connected to design of intrusion detection framework. A viable Intrusion detection framework requires high recognition rate, low false caution rate and additionally high precision. This paper exhibits the audit on IDS and diverse Data mining methods connected on IDS for the powerful detection of pattern for ...
2014
Today, Intrusion Detection Systems have been employed by majority of the organizations to safeguard the security of information systems. Firewalls that are used for intrusion detection possess certain drawbacks which are overcome by various data mining approaches. Data mining techniques play a vital role in intrusion detection by analyzing the large volumes of network data and classifying it as normal or anomalous. Several data mining techniques like Classification, Clustering and Association rules are widely used to enhance intrusion detection. Among them clustering is preferred over classification since it does not require manual labelling of the training data and the system need not be aware of the new attacks. This paper discusses three different clustering algorithms namely K-Means Clustering, Y-Means Clustering and Fuzzy C-Means Clustering. K-Means clustering results in degeneracy and is not suitable for large databases. Y-Means is an improvement over K-means that eliminates e...