Abstract

The rapid growth of wireless networking and new mobile computing devices has blurred the boundary between trusted and malicious users. The shift in security priorities from the network perimeter to the protection of information and user resources is an open research area concerned with protecting the confidentiality, integrity and availability of user information. Intrusion detection systems are programs or software applications embedded in sophisticated devices to monitor activities on networks or systems and detect security, policy or protocol violations or malicious activities. In this work, an intrusion detection model was proposed using the C4.5 algorithm, implemented with the WEKA tool and RAPID MINER. The model showed good performance when trained and tested with validation techniques. The proposed model was implemented on the Network Security Laboratory Knowledge Discovery in Databases (NSL-KDD) dataset, an improved version of the KDD 99 dataset, and showed an average detection rate of 99.62% and a reduced false alarm rate of 0.38%.

Highlights

  • Intrusion Detection Systems (IDS) are tools used to monitor and analyse events occurring on computer systems or networks for traces of possible illegal action

  • Intrusions can be initiated by authorized persons within the organisation (malicious insiders) who misuse their authorization by accessing data or information beyond their area of authorization

  • a) A Kappa with negative value indicates worse agreement than that expected by chance;
    b) Relative Absolute Error is used to measure how close a classification is to the eventual outcome;
    c) Root Mean Square Error is used to measure a model’s accuracy;
    d) Root Relative Square Error is the average of the actual values;
    e) Confusion Matrix or Contingency Table is the representation of the number of instances correctly or incorrectly classified;
    f) Receiver Operating Characteristics (ROC) curve is used to compare two classification models
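The confusion matrix and Kappa measures listed above can be computed as follows. This is an added example, not code from the paper: both matrices are constructed sample data, class index 0 is assumed to be "normal" traffic, and detection rate and false alarm rate use their common definitions, which may differ from the ones the authors applied.

```python
def cohen_kappa(matrix):
    """Cohen's kappa for a square confusion matrix (rows = actual, cols = predicted)."""
    total = sum(sum(row) for row in matrix)
    if total == 0:
        raise ValueError("empty confusion matrix")
    observed = sum(matrix[i][i] for i in range(len(matrix))) / total
    row_sums = [sum(row) for row in matrix]
    col_sums = [sum(col) for col in zip(*matrix)]
    # Agreement expected if predictions were independent of the true class.
    expected = sum(r * c for r, c in zip(row_sums, col_sums)) / total ** 2
    if expected == 1.0:
        return 0.0  # every instance in one class: kappa is undefined, report 0
    return (observed - expected) / (1.0 - expected)


def detection_and_false_alarm(matrix, normal=0):
    """Collapse a multi-class matrix to attack-vs-normal and return (DR, FAR).

    `normal` is the index of the benign class (assumed to be 0 here).
    """
    n = len(matrix)
    attack = [i for i in range(n) if i != normal]
    tp = sum(matrix[i][j] for i in attack for j in attack)  # attack flagged as attack
    fn = sum(matrix[i][normal] for i in attack)             # attack missed
    fp = sum(matrix[normal][j] for j in attack)             # normal flagged as attack
    tn = matrix[normal][normal]
    detection_rate = tp / (tp + fn) if tp + fn else 0.0
    false_alarm_rate = fp / (fp + tn) if fp + tn else 0.0
    return detection_rate, false_alarm_rate


# Constructed sample data, not results from the paper.
GOOD_MODEL = [[95, 5],    # actual normal: 95 passed, 5 false alarms
              [2, 98]]    # actual attack: 2 missed, 98 detected
BAD_MODEL = [[10, 90],    # a classifier that disagrees with the labels
             [80, 20]]    # more often than chance would

if __name__ == "__main__":
    for name, m in (("good", GOOD_MODEL), ("bad", BAD_MODEL)):
        dr, far = detection_and_false_alarm(m)
        print(f"{name}: DR={dr:.2%} FAR={far:.2%} kappa={cohen_kappa(m):+.2f}")
```

The second matrix yields a negative Kappa, the worse-than-chance case described in item a).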


Summary

INTRODUCTION

Intrusion Detection Systems (IDS) are tools used to monitor and analyse events occurring on computer systems or networks for traces of possible illegal action. The system which could be applied to both misuse and anomaly intrusion detection used the KDD ‘99 cup dataset to train and test the system while fuzzy set theory was combined with association rule mining algorithm to extract the rules with attributes of continuous value. Their proposed system was able to avoid sharp boundary problem, achieve increased detection rate and detection accuracy. Balaji and Kumar (2013) in their work used DARPA dataset to train and test a proposed hybrid model based on fuzzy logic and data mining, which could detect both misuse and anomaly attacks.

MATERIALS AND METHODS
RESULT
CONCLUSION