Comparative Analysis and Research Issues in Classification Techniques for Intrusion Detection

  • Conference paper
Intelligent Computing, Networking, and Informatics

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 243)

Abstract

Intrusion detection is one of the major research problems in network security. It is the process of monitoring and analyzing the events occurring in a computer system in order to detect security violations. A data mining approach can play a very important role in developing an intrusion detection system. In this paper, we compare different classification techniques for detecting intrusions and classifying behavior as normal or abnormal. The algorithms used are J48, Naive Bayes, JRip, and OneR. We use the WEKA tool to evaluate these algorithms. The experiments and assessments of these methods are performed with the NSL-KDD intrusion detection dataset. Our main aim was to compare the different classification algorithms and find out which algorithm is most suitable for intrusion detection. We also summarize the research challenges in the classification process.

Corresponding author

Correspondence to Himadri Chauhan.

© 2014 Springer India

About this paper

Cite this paper

Chauhan, H., Kumar, V., Pundir, S., Pilli, E.S. (2014). Comparative Analysis and Research Issues in Classification Techniques for Intrusion Detection. In: Mohapatra, D.P., Patnaik, S. (eds) Intelligent Computing, Networking, and Informatics. Advances in Intelligent Systems and Computing, vol 243. Springer, New Delhi. https://doi.org/10.1007/978-81-322-1665-0_68

  • DOI: https://doi.org/10.1007/978-81-322-1665-0_68

  • Publisher Name: Springer, New Delhi

  • Print ISBN: 978-81-322-1664-3

  • Online ISBN: 978-81-322-1665-0

  • eBook Packages: Engineering, Engineering (R0)
