Intrusion detection system: classification, techniques and datasets to implement


International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056 | p-ISSN: 2395-0072

Volume: 04 Issue: 02 | Feb-2017

www.irjet.net

INTRUSION DETECTION SYSTEM: CLASSIFICATION, TECHNIQUES AND DATASETS TO IMPLEMENT

Rashmi Ravindra Chaudhari 1, Sonal Pramod Patil 2

1 Second year, ME, CSE, GHRIEM, Jalgaon, Maharashtra, India.

2 HOD, CSE, GHRIEM, Jalgaon, Maharashtra, India.

---------------------------------------------------------------------***---------------------------------------------------------------------

Abstract – With the growth of the internet, the security of network traffic is becoming a major problem for computer network systems. The number of attacks on networks increases over time; such attacks are called intrusions. Intrusion detection systems are used to detect intrusions and to protect data and networks from attacks. Data mining techniques are used to monitor and analyze large amounts of network data and classify it into anomalous and normal data. Since data comes from various sources, network traffic is large. Data mining techniques such as classification and clustering are applied to build intrusion detection systems. This paper presents the classification of IDS, different data mining techniques, and datasets for the effective detection of patterns for both malicious and normal activities in a network, which helps to develop secure information systems. It also provides a brief study of various datasets that are useful for an intrusion detection system.

Key Words: Data mining; Intrusion Detection System; Anomaly Detection; Misuse Detection; Clustering; Classifications, KDD99, GureKDD, NSL-KDD.

1. INTRODUCTION

The importance of data security has been increasing day by day along with the rapid development of computer networks. Security means the degree of protection given to a network or system. The main goals of security are confidentiality, integrity and availability of data [1]. Attacks on a network can be referred to as intrusions. An intrusion is any set of malicious activities that attempts to compromise the security goals of the information. Intrusion detection is one of the major information security problems. An IDS (Intrusion Detection System) assists the system in resisting external attacks.

In the early days, only conventional approaches such as encryption, firewalls and virtual private networks were used to protect networks, but they were not enough to secure a network completely. It is difficult to depend completely on static defense techniques. This increases the need for a dynamic technique that can monitor the system and identify illegal activities. Thus, to enhance network security, a dynamic approach was introduced, known as the Intrusion Detection System. An intrusion detection system collects online information from the network, then monitors and analyzes this information, partitions it into normal and malicious activities, and provides the result to the system administrator [2].

IDS is an area where data mining is used extensively, owing to limited scalability, adaptability and validity. In an IDS, data is collected from various sources such as network log data, host data, etc. Since the network traffic is large, analysis of the data is very hard. This gives rise to the need to use IDS along with different data mining techniques for intrusion detection.

This paper is organized as follows. Section 1 gives the introduction. Section 2 discusses the literature survey. Section 3 gives an overview of the intrusion detection system and its classification. Section 4 gives various data mining techniques for IDS. Section 5 discusses the various datasets that are useful for building an IDS, and the next section is the conclusion.

2. LITERATURE SURVEY

M. Govindarajan et al. (2009) [7] proposed a new K-nearest neighbour classifier applied to intrusion detection and evaluated its performance in terms of run time and error rate on normal and malicious datasets. This new classifier is more accurate than the existing K-nearest neighbour classifier. Mohammadreza Ektela et al. (2010) [8] used Support Vector Machine and classification tree data mining techniques for intrusion detection in networks. They compared C4.5 and Support Vector Machine experimentally and found that the C4.5 algorithm performs better than SVM in terms of detection rate and false alarm rate, but for U2R attacks SVM performs better.
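The evaluations surveyed above compare classifiers by error rate, detection rate and false alarm rate. As an added example (not code from this paper or from the cited works), the following k-nearest-neighbour classifier labels constructed connection records and computes those three metrics. The feature set, the sample records, k=3 and min-max scaling are assumptions, and the metric formulas are the standard confusion-matrix definitions, which the paper does not spell out.

```python
import math
from collections import Counter

# Constructed records (not from KDD99 or any capture). Features, loosely modelled on
# KDD-style fields: (duration_s, src_bytes, dst_bytes, conns_to_same_host_last_2s)
TRAIN = [
    ((2, 300, 4500, 3), "normal"), ((1, 250, 3900, 2), "normal"),
    ((5, 800, 12000, 4), "normal"), ((3, 420, 6100, 1), "normal"),
    ((0, 0, 0, 250), "attack"), ((0, 40, 0, 310), "attack"),
    ((0, 0, 0, 480), "attack"), ((0, 28, 0, 190), "attack"),
]
TEST = [
    ((2, 310, 5000, 2), "normal"), ((4, 700, 9800, 5), "normal"),
    ((0, 0, 0, 140), "normal"),     # benign burst that resembles a flood
    ((0, 0, 0, 400), "attack"), ((0, 35, 0, 220), "attack"),
    ((1, 280, 4100, 6), "attack"),  # attack that resembles ordinary traffic
]

def fit_scaler(rows):
    """Per-feature (min, max) from training data, so byte counts do not dominate."""
    return [(min(col), max(col)) for col in zip(*rows)]

def scale(row, bounds):
    """Min-max scale one record; a constant feature maps to 0.0."""
    return [(v - lo) / (hi - lo) if hi > lo else 0.0 for v, (lo, hi) in zip(row, bounds)]

def knn_predict(features, train, bounds, k=3):
    """Majority label among the k training records nearest in scaled Euclidean distance."""
    x = scale(features, bounds)
    nearest = sorted(train, key=lambda rec: math.dist(x, scale(rec[0], bounds)))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def evaluate(train, test, k=3):
    """Classify every test record and return the three evaluation metrics."""
    bounds = fit_scaler([f for f, _ in train])
    tp = fp = tn = fn = 0
    for features, actual in test:
        flagged = knn_predict(features, train, bounds, k) == "attack"
        if actual == "attack":
            tp, fn = tp + flagged, fn + (not flagged)
        else:
            fp, tn = fp + flagged, tn + (not flagged)
    return {
        "detection_rate": tp / (tp + fn),       # attacks correctly flagged
        "false_alarm_rate": fp / (fp + tn),     # normal traffic wrongly flagged
        "error_rate": (fp + fn) / len(test),    # all misclassifications
    }

if __name__ == "__main__":
    print(evaluate(TRAIN, TEST))
```

On this constructed data the classifier misses the attack that resembles ordinary traffic and raises one false alarm on the benign burst, giving a detection rate of 2/3 and a false alarm rate of 1/3.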

© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 1860

