Abstract
Intrusion detection systems are a security layer that aims to detect malware and unusual events in the network where they are installed and to notify the system administrator with an alarm. Intrusion detection systems are divided into several types depending on their configuration; these configurations are linked to the following components: (1) the information source of the IDS, (2) the detection approach, and (3) the architecture of the IDS itself. The component that interests us is the detection approach. In general, two major detection approaches can be used within an IDS, a signature-based approach and a behavioural or anomaly-based approach. These two detection approaches can be implemented with different techniques, one of which is Data Mining. An intrusion is an activity that differs from the usual events, while an anomaly is an observation that differs greatly from the other observations. Both arouse the suspicion that a different mechanism generated them. The objective is to understand the mechanisms behind intrusions and anomalies. Based on this idea, we say that the analogue of intrusion detection in Data Mining is anomaly detection. The objective of intrusion detection systems is to detect attacks in a network, while the objective of the Data Mining anomaly detection approach is to detect anomalies in a dataset. The anomaly detection approach is divided into three main techniques: supervised detection, unsupervised detection, and semi-supervised detection. The selection of the anomaly detection technique is based on the availability of class labels in the dataset. In our research study, we use two real datasets, the KDDCup99 dataset and the NSL-KDD dataset. These two datasets contain thousands of normal network events and real attacks.
Our goal behind this research study is to evaluate supervised and unsupervised detection techniques and compare each technique’s performance based on the results obtained.
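As an added illustration of the comparison described above (this is example code, not the chapter's own implementation): a label-dependent nearest-centroid detector and a label-free distance-from-median detector are evaluated on the same constructed KDD-style records, reporting detection rate and false alarm rate. The feature values, the train/test split and the threshold tau are assumptions made for the example.

```python
from math import sqrt
from statistics import mean, median
# Constructed records with four KDD-style features (src_bytes, dst_bytes,
# count, serror_rate) and a label; values are made up to resemble KDD classes.
TRAIN = [
    ((181, 5450, 8, 0.0), "normal"), ((239, 486, 8, 0.0), "normal"),
    ((235, 1337, 8, 0.0), "normal"), ((219, 1337, 6, 0.0), "normal"),
    ((217, 2032, 6, 0.0), "normal"), ((212, 1940, 1, 0.0), "normal"),
    ((0, 0, 511, 1.0), "neptune"), ((0, 0, 509, 1.0), "neptune"),  # SYN flood
    ((1032, 0, 507, 0.0), "smurf"), ((520, 0, 511, 0.0), "smurf"),  # ICMP flood
]
TEST = [  # the second normal record is a large but legitimate download
    ((210, 151, 8, 0.0), "normal"), ((159, 5000, 5, 0.0), "normal"),
    ((105, 146, 1, 0.0), "normal"), ((0, 0, 510, 1.0), "neptune"),
    ((1032, 0, 508, 0.0), "smurf"),
]

def scaler(rows):
    # Min-max scaler fitted on the training features only (no labels needed).
    lo, hi = [min(c) for c in zip(*rows)], [max(c) for c in zip(*rows)]
    return lambda x: [(v - l) / (h - l) if h > l else 0.0
                      for v, l, h in zip(x, lo, hi)]

def dist(a, b):
    return sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

def profile(rows, stat):
    # Per-feature summary (mean or median) of a list of scaled rows.
    return [stat(c) for c in zip(*rows)]

def supervised_detector(train, scale):
    """Nearest centroid: labels build a normal and an attack profile."""
    normal = profile([scale(x) for x, y in train if y == "normal"], mean)
    attack = profile([scale(x) for x, y in train if y != "normal"], mean)
    return lambda x: dist(scale(x), attack) < dist(scale(x), normal)

def unsupervised_detector(train, scale, tau=0.5):
    """Label-free: assumes normal traffic is the majority, so the per-feature
    median is a normal profile; tau is an assumed, hand-picked threshold."""
    center = profile([scale(x) for x, _ in train], median)
    return lambda x: dist(scale(x), center) > tau

def evaluate(detector, test):
    """Return (detection rate on attacks, false-alarm rate on normals)."""
    rate = lambda rows: sum(map(detector, rows)) / len(rows)
    return (rate([x for x, y in test if y != "normal"]),
            rate([x for x, y in test if y == "normal"]))

def compare(train=TRAIN, test=TEST):
    scale = scaler([x for x, _ in train])
    return {"supervised": evaluate(supervised_detector(train, scale), test),
            "unsupervised": evaluate(unsupervised_detector(train, scale), test)}
```

On this data both detectors catch every attack, but the unsupervised one also raises a false alarm on the large legitimate download, which is exactly the trade-off that label availability decides.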
© 2021 Springer Nature Switzerland AG
Azalmad, M., Fakir, Y. (2021). Data Mining Approach for Intrusion Detection. In: Fakir, M., Baslam, M., El Ayachi, R. (eds) Business Intelligence. CBI 2021. Lecture Notes in Business Information Processing, vol 416. Springer, Cham. https://doi.org/10.1007/978-3-030-76508-8_15
DOI: https://doi.org/10.1007/978-3-030-76508-8_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-76507-1
Online ISBN: 978-3-030-76508-8