Anomaly intrusion detection model using data mining techniques

Abstract

Intrusion detection system has become an important component of a network infrastructure protection mechanism. There are generally two main methods or techniques in intrusion detection; misuse detection and anomaly detection. While it is imperative for IDSs to be adaptive and extensible in today’s network computing environment, a more systematic and automated approach is required in building such system. A data-centric point of view is taken to consider intrusion detection as a data analysis process where data mining techniques can be applied. This research focuses on the various data mining techniques for anomaly based intrusion detection system. The key idea is to conduct a comparative study of several data mining techniques for analysing large intrusion detection data sets. Evaluations are done using unsupervised anomaly detection schemes on the DARPA’98 data sets and real network traffic. Unsupervised learning method is used to be able to detect novel attacks not seen before as well as due to the dynamic nature of attacks characteristics. In addition, the evalution is to identify accuracy in detecting the different types of network intrusions ranging from both time-based and content-based attacks. The detection performance is measured by its detection accuracies and ROC (Receiver’s Operating Characteristics) curves. Results from this evaluation shall lead to the proposal for an anomaly intrusion detection model of an effective network intrusion detection system based on the criteria of mesurement.