Abstract

In the world of communication, security is a major concern. Most of our crucial data is stored on computer systems, and in most cases we exchange it over a network. But it is not only our data that travels over the network: different types of attacks do too, and these attacks can harm our stored data. Monitoring a computer system and its logs (administration logs, security logs, system logs, network logs) and protecting our crucial data is therefore necessary. For this purpose we use an intrusion detection system. An intrusion detection system is an application that provides protection from malicious activities or policy violations and generates various rules to defend computer security. An intrusion detection system can be designed and developed on any platform, but for better functionality we use a data mining technique. In past years, many techniques have been introduced to improve the detection rate. In the initial stages of its design, hardware had to be installed to detect and monitor the system, but with the help of data mining it has become easier to work with software and algorithm development. Recently, many new algorithms have been introduced to increase its efficiency. They are categorized as machine learning algorithms: supervised, unsupervised and hybrid. Although the hybrid category has not yet been finely defined, various authors have used it by merging different machine learning algorithms. Machine learning algorithms provide a process for detecting intrusions and generating rules for their detection and prevention. Rule generation is defined by association rule mining and the Apriori algorithm. An intrusion detection system is not a new application, but developing a prototype that works on saved logs (administration logs, security logs and system logs) and monitors network logs on the host system as well as on the client system, so that the intrusion detection system can alert the user on a regular basis, is.
In this paper we use a hybrid machine learning algorithm followed by a rule generation algorithm to detect intrusions in network logs by training on the KDD dataset. Training and testing on the KDD dataset provides a way of analyzing the actual behavior and predicted behavior of the network logs. This paper presents the methodology and results in NetBeans IDE 8.1 (Java platform using the Weka library). From the results obtained, it can be interpreted that optimal performance is obtained against most attacks after detection.
