Enhanced Data Mining and Decision Tree Techniques for Network Intrusion Detection System

Abstract

A Network intrusion detection system (IDS) is a security layer to detect ongoing intrusive activities in computer networks and the major problem with IDS is that typically so many alarms are generated as to overwhelm the system operator, many of these being false alarms. Although smart intrusion and detection strategies are used to detect any false alarms within the network critical subnets of network infrastructures, reducing false positives is still a major challenge. Up to this moment, these strategies focus on either detection or response features, but often lack of having both features together. Without considering those features together, intrusion detection systems probably will not be able to highly detect on low false alarm rates. To offset the above mentioned constraints, this paper proposes a technique to emphasis on detection involving statistical analysis of both attack and normal traffics based on the training data set of KDD Cup 99. This technique also includes a hybrid statistical approach which uses Data Mining and Decision Tree Classification which results reduction misclassification of false positives and distinguish between real attacks and false positives for the data of KDD Cup 99. Since this technique can be used to evaluate and enhance the capability of the IDS to detect and at the same time to respond to the threats and benign traffic in critical network subnets, application and database infrastructures.

View PDF