Abstract

Innovation in the public sector refers to the development of important improvements in public administration and its corresponding services. One such public service is social security, a central concern of which has been the information security of the services it offers. The aim of the present study has been to analyse trends and discover behavioural patterns in the attacks on the data network of a public-sector institution. To fulfil this objective, a model has been implemented using data mining algorithms and techniques, based on the Cross Industry Standard Process for Data Mining methodology. The model uses a free and open source network Intrusion Detection and Prevention System (IDS/IPS) to capture the logs of the attacks on the organization's data network. This has been followed by a quantitative assessment of various intrusion detection algorithms, leading to the selection of J48 and REPTree as the Data Mining algorithms, on the basis of their level of correctly classified instances and the lowest absolute error. The data were processed and served as input for the construction of rules. The resulting decision tree rules are based on the principle of calculating the information gain via entropy and minimizing the error that arises from the variance. These rules were the product of applying machine learning to the logs analysed, and they were subsequently translated and reprogrammed into the IDS/IPS in order to assess the efficiency of the model. The results demonstrate a significant improvement of some 67% in the detection of attacks relative to the traditional IDS. Consequently, we extrapolated a wide difference in behaviour and trends between the use of a traditional system and that generated by Data Mining.
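The rule-construction principle named in the abstract (choosing splits by entropy-based information gain) can be shown on a handful of alert records. This is an added example, not the study's code or data: the field names and the sample records are constructed, and the learner is a plain ID3-style recursion, simpler than J48 or REPTree.

```python
import math
from collections import Counter

# Constructed sample alerts (not data from the study). Fields are assumed:
# protocol, destination port, connection-rate bucket, analyst label.
FIELDS = ("proto", "dst_port", "rate", "label")
RAW = [
    ("tcp", "22", "high", "attack"), ("tcp", "22", "high", "attack"),
    ("tcp", "22", "low", "normal"), ("tcp", "80", "high", "normal"),
    ("tcp", "80", "low", "normal"), ("udp", "53", "high", "normal"),
    ("udp", "53", "low", "normal"), ("tcp", "22", "high", "attack"),
]
RECORDS = [dict(zip(FIELDS, r)) for r in RAW]

def entropy(rows):
    """Shannon entropy (bits) of the label distribution in rows."""
    n = len(rows)
    counts = Counter(r["label"] for r in rows)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def partition(rows, attr):
    """Group rows by the value they hold for attr."""
    groups = {}
    for r in rows:
        groups.setdefault(r[attr], []).append(r)
    return groups

def information_gain(rows, attr):
    """Entropy before the split minus the weighted entropy after it."""
    parts = partition(rows, attr).values()
    remainder = sum(len(g) / len(rows) * entropy(g) for g in parts)
    return entropy(rows) - remainder

def derive_rules(rows, attrs, path=()):
    """Recursively split on the highest-gain attribute; return (conditions, label) rules."""
    labels = Counter(r["label"] for r in rows)
    best = max(attrs, key=lambda a: information_gain(rows, a)) if attrs else None
    if len(labels) == 1 or best is None or information_gain(rows, best) < 1e-12:
        return [(path, labels.most_common(1)[0][0])]  # leaf: majority label
    rest = [a for a in attrs if a != best]
    rules = []
    for value, subset in partition(rows, best).items():
        rules += derive_rules(subset, rest, path + ((best, value),))
    return rules

if __name__ == "__main__":
    for conditions, label in derive_rules(RECORDS, ["proto", "dst_port", "rate"]):
        print(" AND ".join(f"{a}={v}" for a, v in conditions), "=>", label)
```

Each returned rule is a conjunction of field conditions with a label, which is the form that would then be translated by hand into the signature syntax of whichever IDS/IPS is in use.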
