
Identifying False Alarm for Network Intrusion Detection System Using Hybrid Data Mining and Decision Tree

Nor Badrul Anuar, and Hasimi Sallehudin, and Abdullah Ghani, and Omar Zakaria, (2008) Identifying False Alarm for Network Intrusion Detection System Using Hybrid Data Mining and Decision Tree. Malaysian Journal of Computer Science, 21 (2). pp. 110-115. ISSN 0127-9084


Official URL: http://ejum.fsktm.um.edu.my/ArticleInformation.aspx?ArticleID=673

Affiliations

University of Malaya. Faculty of Computer Science & Information Technology
Institut Tadbiran Awam Malaysia
University of Malaya. Faculty of Computer Science & Information Technology
University of Malaya. Faculty of Computer Science & Information Technology

Abstract

Although intelligent intrusion detection strategies are deployed to identify false alarms in the critical segments of network infrastructures, reducing false positives remains a major challenge. To date, these strategies concentrate on either detection or response, but rarely combine the two. Without both, an intrusion detection system is unlikely to achieve a high detection rate at a low false alarm rate. To address these constraints, this paper proposes a detection-focused strategy based on statistical analysis of both attack and normal traffic in the KDD Cup 99 training data. The strategy uses a hybrid approach that combines data mining with decision tree classification. The resulting statistical analysis can be used to reduce the misclassification of benign traffic as attacks and to distinguish genuine attacks from false positives in the KDD Cup 99 data. The strategy can therefore be used to evaluate and enhance the capability of an IDS to detect, and at the same time respond to, threats and benign traffic in critical segments of network, application and database infrastructures.
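The abstract describes learning a decision tree over KDD Cup 99 connection features so that alerts raised by a crude rate threshold on benign but busy hosts are not misclassified as attacks. The following is an added illustration of that idea, not code from the paper or its authors: it induces a small information-gain decision tree from hand-constructed rows shaped like KDD Cup 99 records (the `duration`, `src_bytes`, `count` and `serror_rate` fields), compares it with a naive "more than 100 connections means attack" rule, and reports the confusion counts and false positive rate of each. The rows, the `rate_rule` threshold and the feature subset are assumptions made for the example.

```python
"""Added example: decision tree vs. single-threshold rule on KDD-style rows."""
from collections import Counter
from math import log2

FEATURES = ["duration", "src_bytes", "count", "serror_rate"]


def _row(duration, src_bytes, count, serror_rate, label):
    return {"duration": duration, "src_bytes": src_bytes, "count": count,
            "serror_rate": serror_rate, "label": label}


# Constructed training rows in the shape of KDD Cup 99 connection records.
# They are illustrative, not taken from the real data set.
TRAIN = [
    _row(0, 215, 5, 0.00, "normal"),
    _row(2, 1200, 8, 0.00, "normal"),
    _row(0, 300, 12, 0.00, "normal"),
    _row(10, 5000, 3, 0.00, "normal"),
    _row(0, 400, 250, 0.02, "normal"),   # busy but benign web server
    _row(0, 380, 300, 0.00, "normal"),   # busy but benign web server
    _row(1, 150, 40, 0.05, "normal"),
    _row(0, 0, 250, 1.00, "attack"),     # neptune-style SYN flood
    _row(0, 0, 511, 0.98, "attack"),
    _row(0, 0, 300, 1.00, "attack"),
    _row(0, 1032, 120, 0.95, "attack"),  # flood variant that carries bytes
    _row(0, 0, 180, 1.00, "attack"),
]

# Constructed held-out rows, including the two cases a count-only rule gets wrong.
TEST = [
    _row(0, 500, 400, 0.00, "normal"),   # flash crowd: many connections, no SYN errors
    _row(0, 0, 90, 1.00, "attack"),      # low-rate flood under the count threshold
    _row(3, 800, 3, 0.00, "normal"),
    _row(0, 0, 200, 1.00, "attack"),
]


def entropy(rows):
    n = len(rows)
    return -sum(c / n * log2(c / n) for c in Counter(r["label"] for r in rows).values())


def best_split(rows):
    """Return (feature, threshold, gain) with the highest information gain."""
    base, n = entropy(rows), len(rows)
    best = (None, None, 0.0)
    for f in FEATURES:
        vals = sorted({r[f] for r in rows})
        for lo, hi in zip(vals, vals[1:]):            # midpoints between observed values
            t = (lo + hi) / 2
            left = [r for r in rows if r[f] <= t]
            right = [r for r in rows if r[f] > t]
            gain = base - (len(left) / n * entropy(left) + len(right) / n * entropy(right))
            if gain > best[2]:
                best = (f, t, gain)
    return best


def build_tree(rows, depth=0, max_depth=4):
    """Recursive binary tree: split while the data is impure and a split helps."""
    labels = Counter(r["label"] for r in rows)
    majority = labels.most_common(1)[0][0]
    if len(labels) == 1 or depth == max_depth:
        return {"leaf": majority}
    f, t, gain = best_split(rows)
    if gain <= 0:
        return {"leaf": majority}
    return {"feature": f, "threshold": t,
            "left": build_tree([r for r in rows if r[f] <= t], depth + 1, max_depth),
            "right": build_tree([r for r in rows if r[f] > t], depth + 1, max_depth)}


def predict(tree, row):
    while "leaf" not in tree:
        tree = tree["left"] if row[tree["feature"]] <= tree["threshold"] else tree["right"]
    return tree["leaf"]


def rate_rule(row):
    """Naive rule assumed for the comparison: many connections to a host => attack."""
    return "attack" if row["count"] > 100 else "normal"


def evaluate(classify, rows):
    """Confusion counts and false positive rate, treating 'attack' as positive."""
    c = Counter()
    for r in rows:
        pred, actual = classify(r), r["label"]
        if pred == "attack":
            c["TP" if actual == "attack" else "FP"] += 1
        else:
            c["FN" if actual == "attack" else "TN"] += 1
    res = {k: c[k] for k in ("TP", "FP", "FN", "TN")}
    negatives = res["FP"] + res["TN"]
    res["FPR"] = res["FP"] / negatives if negatives else 0.0
    return res


if __name__ == "__main__":
    tree = build_tree(TRAIN)
    print("root split:", tree["feature"], "<=", tree["threshold"])
    print("count rule:", evaluate(rate_rule, TEST))
    print("tree      :", evaluate(lambda r: predict(tree, r), TEST))
```

On these rows the tree's root split is `serror_rate <= 0.5`, which separates the SYN-flood records from busy but healthy servers that a count-only rule flags; the count rule yields one false positive and one false negative on the held-out rows, the tree none. The KDD Cup 99 data set itself is known to contain many duplicate records and synthetic traffic, so false positive rates measured on it should not be read as production rates.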

Item Type: Journal
Keywords: False Positive, False Negative, Intrusion Detection, Data Mining, Decision Tree, Rule-Based
Subjects: Q Science, Computer Science
ID Code: 5023

References

[1] Ajith Abraham and Ravi Jain, "Soft Computing Models for Network Intrusion Detection Systems", in Classification and Clustering for Knowledge Discovery, Saman Halgamuge and Lipo Wang (Eds.), Studies in Computational Intelligence, Vol. 4, Springer Verlag, Germany, 2005, ISBN 3-540-26073-0, Chapter 13, pp. 187-204.

[2] Gowadia, V., Farkas, C. and Valtorta, M., "PAID: A probabilistic agent-based intrusion detection system", Computers & Security, 2005.

[3] Hasimi Sallehudin, "Pengenalpastian Amaran Palsu Positif Menggunakan Penggalian Data dan Pepohon Keputusan" (Identification of False Positive Alarms Using Data Mining and Decision Trees), University of Malaya, 2008, Chapter 4, p. 91. [Internet] http://dspace.fsktm.um.edu.my/xmlui/handle/1812/131 [Last visit: 09 October 2008].

[4] Hettich, S. and Bay, S. D., The UCI KDD Archive, Irvine, CA: University of California, Irvine. KDD Cup 1999 Data, 5th International Conference on Knowledge Discovery and Data Mining, 1999.

[5] Kendall, K., "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems", S.M. Thesis, MIT Department of Electrical Engineering and Computer Science, 1999.

[6] Malaysian Computer Emergency Response Team (MyCERT), 2007. [Internet] http://www.mycert.org.my [Last visit: 05-12-2007].

[7] Moulton, R. T., "Network Security", Datamation, Vol. 29, No. 7, 1983, pp. 121-127.

[8] MIT Lincoln Laboratory, DARPA Intrusion Detection Evaluation. [Internet] http://www.ll.mit.edu/IST/ideval [Last visit: 06-12-2007].

[9] Nilsson, N., Introduction to Machine Learning, Stanford University, 1996. [Internet] http://ai.stanford.edu/~nilsson/MLDraftBook/MLBOOK.pdf [Last visit: 05-12-2007].

[10] Rebecca Bace and Peter Mell, NIST Special Publication on Intrusion Detection Systems, Infidel, Inc., Scotts Valley, CA and National Institute of Standards and Technology, 2001.

[11] Rietta, F., "Application layer intrusion detection for SQL injection", Proceedings of the 2006 ACM Symposium of Applied Computing (ACMSE-2006).

[12] RuleQuest, 2007. [Internet] http://www.RuleQuest.com [Last visit: 06-12-2007].

[13] SecurityFocus, 2007. [Internet] http://www.securityfocus.com/infocus/1463 [Last visit: 16-1-2008].

[14] Varine, B., "Intrusion Detection FAQ: Should we outsource monitoring?", SANS Institute, 2001. [Internet] http://www.sans.org/resources/idfaq/outsource.php [Last visit: 05-12-2007].

[15] Wenke Lee, Sal Stolfo and Kui Mok, "A Data Mining Framework for Building Intrusion Detection Models", Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1999.
