Analysis of Hybrid Intrusion Detection System Based on Data Mining Techniques
Citation
Prathibha K S, Pankaj Kumar, Shyni T S. "Analysis of Hybrid Intrusion Detection System Based on Data Mining Techniques", International Journal of Engineering Trends and Technology (IJETT), V15(9), 448-452, Sep 2014. ISSN: 2231-5381. www.ijettjournal.org. Published by Seventh Sense Research Group.
Abstract
The rapid growth of network-based activities makes computer security a more crucial issue. Many security methods have been developed and used, but they are unfit to detect novel intrusions. Therefore, we propose a hybrid intrusion detection framework based on data mining classification and clustering techniques. The proposed hybrid framework improves the detection rate by taking advantage of both misuse and anomaly detection. For misuse detection, intrusion patterns are built automatically from training data using the random forest classification method; these patterns are then compared against network activities to detect intrusions. For anomaly detection, the network activities are grouped into several clusters using the weighted k-means technique to detect novel intrusions. The whole process is evaluated over the KDD’99 dataset.
Keywords
Network security, Intrusion detection, Data mining, Random Forest and Weighted K-Means.