Journal: Asian Journal of Information Technology

Design and Implementation of a Data Mining-Based Network Intrusion Detection Scheme


Abstract

A significant security problem for networked systems is hostile trespass by users or software. The intruder is one of the most publicized threats to security. In fact, most current systems are weak at detecting novel attacks without generating false alarms. Intrusion Detection Systems (IDSs) are increasingly a key part of system defense. Various approaches to intrusion detection are currently in use, but they are relatively ineffective. Likewise, data mining plays a driving role in data analysis. This study addresses this issue and proposes a data mining-based intrusion detection system. The data mining techniques investigated include a decision tree (C5.0 algorithm) and distance-based clustering (Two-Step algorithm). The proposed hybrid system combines anomaly and misuse detection. Experiments are performed on both real network data from the Sudan University of Science and Technology (SUST) network and the Defense Advanced Research Projects Agency (DARPA) dataset, which is considered the most famous available off-line intrusion detection evaluation dataset. The results confirm that data mining is capable of discovering attacks with an acceptable level of false alarms.