Enhanced Data Mining and Decision Tree Techniques for Network Intrusion Detection System

National Journal of System and Information Technology

Volume 5 Issue 1

Published: 2012
Author(s) Name: Nareshkumar D Harale, B B Mehsram

Abstract

A network intrusion detection system (IDS) is a security layer that detects ongoing intrusive activities in computer networks. The major problem with an IDS is that it typically generates so many alarms that the system operator is overwhelmed, and many of these are false alarms. Although smart intrusion and detection strategies are used to detect false alarms within the critical subnets of network infrastructures, reducing false positives is still a major challenge. So far, these strategies focus on either detection or response features, but often lack both features together. Without considering those features together, intrusion detection systems probably will not be able to achieve high detection at low false alarm rates. To offset the above-mentioned constraints, this paper proposes a technique that emphasizes detection, involving statistical analysis of both attack and normal traffic based on the training data set of KDD Cup 99. This technique also includes a hybrid statistical approach that uses Data Mining and Decision Tree Classification, which reduces the misclassification of false positives and distinguishes between real attacks and false positives for the data of KDD Cup 99. This technique can be used to evaluate and enhance the capability of the IDS to detect and, at the same time, respond to threats and benign traffic in critical network subnets, application and database infrastructures.
