Network Intrusion Detection System Using Data Mining

  • Conference paper
Engineering Applications of Neural Networks (EANN 2012)

Abstract

The aim of this study is to simulate a network traffic analyzer that is part of an Intrusion Detection System (IDS). The main focus of the research is data mining, and for this type of application the steps that precede data mining, namely data preparation (possibly involving data cleaning, data transformations, selection of subsets of records, and data normalization), are considered fundamental to good classifier performance during the data mining stage. In this context, this paper discusses and presents as a contribution not only the classifiers that were used for the intrusion detection problem, but also the initial stage of data preparation. We therefore tested the performance of three classifiers on the KDDCUP’99 benchmark intrusion detection dataset and selected the best classifiers. We initially tested a Decision Tree and a Neural Network on this dataset, suggesting improvements by reducing the number of attributes from 42 to 27 and considering only two classes of detection, normal and intrusion. Finally, we tested the Decision Tree and Bayesian Network classifiers considering five classes of attack: Normal, DOS, U2R, R2L and Probing. The experimental results proved that the algorithms used achieved high detection rates (DR) and a significant reduction of false positives (FP) for different types of network intrusions using limited computational resources.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

de Campos, L.M.L., de Oliveira, R.C.L., Roisenberg, M. (2012). Network Intrusion Detection System Using Data Mining. In: Jayne, C., Yue, S., Iliadis, L. (eds) Engineering Applications of Neural Networks. EANN 2012. Communications in Computer and Information Science, vol 311. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32909-8_11

  • DOI: https://doi.org/10.1007/978-3-642-32909-8_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32908-1

  • Online ISBN: 978-3-642-32909-8

  • eBook Packages: Computer Science, Computer Science (R0)
