
Data Mining Approach for Intrusion Detection

  • Conference paper
Business Intelligence (CBI 2021)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 416)

Abstract

Intrusion detection systems are a security layer that aims to detect malware and unusual events in the network where they are installed and to notify the system administrator with an alarm. Intrusion detection systems are divided into several types depending on their configuration; these configurations are linked to three components: (1) the information source of the IDS, (2) the detection approach, and (3) the architecture of the IDS itself. The component that interests us is the detection approach. In general, two major detection approaches can be used within an IDS, a signature-based approach and a behavioural or anomaly-based approach, and both can be treated with different techniques, one of which is Data Mining. An intrusion is an activity that differs from the usual events, while an anomaly is an observation that differs markedly from other observations. Both arouse the suspicion that a different mechanism generated them, and the objective is to understand the mechanisms behind intrusions and anomalies. Based on this idea, we say that the analogue of intrusion detection in Data Mining is anomaly detection: the objective of intrusion detection systems is to detect attacks in a network, while the objective of the Data Mining anomaly detection approach is to detect anomalies in a dataset. The anomaly detection approach is divided into three main techniques, supervised detection, unsupervised detection, and semi-supervised detection, and the choice between them is based on the availability of class labels in the dataset. In our research study, we use two real datasets, the KDDCup99 dataset and the NSL-KDD dataset. These two datasets contain thousands of normal network events and real attacks.
Our goal in this research study is to evaluate supervised and unsupervised detection techniques and compare each technique's performance based on the results obtained.
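As an added illustration (not code from the paper) of the two technique families the abstract compares, the pure-Python block below trains a supervised nearest-centroid classifier on labelled KDD-style rows and runs an unsupervised 2-means clusterer that never sees labels, then scores both by detection rate and false-positive rate. The four-feature subset, the constructed rows and the "smaller cluster is the attack cluster" heuristic are assumptions of this example, not the paper's experimental setup.

```python
# Constructed rows in the style of KDDCup99/NSL-KDD (src_bytes, dst_bytes,
# count, serror_rate) with a label; not real dataset records.
TRAIN = [((215, 45076, 1, 0.0), "normal"), ((162, 4528, 2, 0.0), "normal"),
         ((0, 0, 511, 1.0), "attack"), ((0, 0, 498, 1.0), "attack")]
TEST = [((233, 2032, 4, 0.0), "normal"), ((0, 0, 505, 0.99), "attack"),
        ((184, 2020, 1, 0.0), "normal")]

def minmax_fit(rows):  # per-feature (lo, hi): byte counts must not swamp rates
    return [(min(c), max(c)) for c in zip(*rows)]
def scale(x, bounds):
    return tuple((v - lo) / (hi - lo) if hi > lo else 0.0
                 for v, (lo, hi) in zip(x, bounds))
def dist(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b)) ** 0.5
def centroid(pts):  # () for an empty cluster, so callers can fall back
    return tuple(sum(c) / len(pts) for c in zip(*pts))

def supervised_fit(train, bounds):  # nearest-centroid: one centroid per label
    by_label = {}
    for x, y in train:
        by_label.setdefault(y, []).append(scale(x, bounds))
    return {y: centroid(pts) for y, pts in by_label.items()}

def supervised_predict(model, x, bounds):
    return min(model, key=lambda y: dist(scale(x, bounds), model[y]))

def unsupervised_predict(rows, iters=10):
    """2-means on unlabelled rows; smaller cluster = attack (assumes attacks are rare)."""
    bounds = minmax_fit(rows)
    pts = [scale(x, bounds) for x in rows]
    c = [pts[0], max(pts, key=lambda p: dist(p, pts[0]))]  # farthest-pair seed
    for _ in range(iters):
        assign = [0 if dist(p, c[0]) <= dist(p, c[1]) else 1 for p in pts]
        c = [centroid([p for p, a in zip(pts, assign) if a == k]) or c[k]
             for k in (0, 1)]
    minority = min((0, 1), key=assign.count)
    return ["attack" if a == minority else "normal" for a in assign]

def evaluate(pred, truth):  # -> (detection rate, false positive rate)
    tp = sum(p == t == "attack" for p, t in zip(pred, truth))
    fp = sum(p == "attack" and t == "normal" for p, t in zip(pred, truth))
    return tp / max(truth.count("attack"), 1), fp / max(truth.count("normal"), 1)

def run():
    bounds = minmax_fit([x for x, _ in TRAIN])  # fitted on training rows only
    model = supervised_fit(TRAIN, bounds)
    sup = [supervised_predict(model, x, bounds) for x, _ in TEST]
    rows, truth = zip(*(TRAIN + TEST))  # labels withheld, used only to score
    return (evaluate(sup, [y for _, y in TEST]),
            evaluate(unsupervised_predict(list(rows)), list(truth)))
```

On this tiny constructed sample both approaches reach a detection rate of 1.0 with no false positives; on the real datasets the unsupervised minority-cluster heuristic breaks down when attack traffic is not rare, which is exactly the kind of difference such a comparison is meant to expose.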




Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Azalmad, M., Fakir, Y. (2021). Data Mining Approach for Intrusion Detection. In: Fakir, M., Baslam, M., El Ayachi, R. (eds) Business Intelligence. CBI 2021. Lecture Notes in Business Information Processing, vol 416. Springer, Cham. https://doi.org/10.1007/978-3-030-76508-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-76508-8_15


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-76507-1

  • Online ISBN: 978-3-030-76508-8

  • eBook Packages: Computer Science (R0)
