Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets

Full Text (PDF, 767KB), PP.75-90

Views: 0 Downloads: 0

Author(s)

Chandrashekhar Azad 1,* Vijay Kumar Jha 1

1. Birla Institute of Technology Mesra, Ranchi, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2013.08.08

Received: 26 Sep. 2012 / Revised: 13 Feb. 2013 / Accepted: 1 Apr. 2013 / Published: 8 Jul. 2013

Index Terms

Anomaly Detection, Intrusion Detection, Misuse Detection, Data Mining

Abstract

In the era of information and communication technology, Security is an important issue. A lot of effort and finance are being invested in this sector. Intrusion detection is one of the most prominent fields in this area. Data mining in network intrusion detection can automate the network intrusion detection field with a greater efficiency. This paper presents a literature survey on intrusion detection system. The research papers taken in this literature survey are published from 2000 to 2012. We can see that almost 67 % of the research papers are focused on anomaly detection, 23 % on both anomaly and misuse detection and 10 % on misuse detection. In this literature survey statistics shows that 42 % KDD cup dataset, 20 % DARPA dataset and 38 % other datasets are used by the different researchers for testing the effectiveness of their proposed method for misuse detection, anomaly detection or both.

Cite This Paper

Chandrashekhar Azad, Vijay Kumar Jha, "Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets", International Journal of Information Technology and Computer Science(IJITCS), vol.5, no.8, pp.75-90, 2013. DOI:10.5815/ijitcs.2013.08.08

Reference

[1]http://en.wikipedia.org/wiki/Intrusion_detection_system.

[2]http://www.windowsecurity.com/articles/IDS-Part2-Classification-methods-techniques.html. 

[3]Lippmann R. P., Fried D. J., Graf I., Haines J. W., Kendall K. R., McClung D., Weber D., Webster S. E., Wyschogrod D., Cunningham R. K., Zissman M. A. , Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation, Proceedings DARPA Information Survivability Conference and Exposition (DISCEX), IEEE Computer Society Press, Los Alamitos, CA (2000).

[4]Gomez J., Dasgupta D., Evolving Fuzzy Classifiers for Intrusion Detection, Proceedings of the 2002 IEEE Workshop on Information Assurance United States Military Academy, West Point, NY June (2001).

[5]Balajinath B., Raghvan S. V., Intrusion detection through learning behavior model, Computer communication 24 (2001) 1202-1212.

[6]Ye N., A Scalable Clustering Technique for Intrusion Signature Recognition, Proceedings of the 2001 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY.(2001).

[7]Zhang Z., Li J., Manikopoulos C. N., and Jorgenson J., Ucles J., HIDE: a Hierarchical Network Intrusion Detection System Using Statistical Preprocessing and Neural Network Classification, Proceedings of the 2001 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY(2001).

[8]Hoang X. D., Hu J., Bertok P., Program based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference, Journal of Network and Computer Applications.32 (2002) 1219–1228.

[9]Jha S., Hassan M., Building agents for rule-based intrusion detection system, Computer Communication. 25(2002) 1366-1367. 

[10]Florez G., Bridges S. M., Vaughn R. B., An Improved Algorithm for Fuzzy Data Mining for Intrusion Detection. IEEE. (2002).

[11]Helmer G., Wong J. S. K., Honavar V., Miller L., Automated discovery of concise predictive rules for intrusion detection, The Journal of Systems and Software 60 (2002) 165–175.

[12]Ye N., Emran S. M., Chen Q., Vilbert S., Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection, IEEE Transactions on computers.51(2002).

[13]Yeung D., Ding Y., Host-based intrusion detection using dynamic and static behavioral models, Pattern Recognition. 36 (2003) 229 – 243.

[14]Jun S., Cho S., Detecting intrusion with rule based integration of multiple models, Computers and security, 22 (2003) 613-623.

[15]Feng L., Guan X., Guo S., Gao Y., Liu P., Predicting the intrusion intentions by observing system call sequences, Computers & Security .23(2004)241-252

[16]Estevez-Tapiador J. M., Garcıa-Teodoro P., Dıaz-Verdejo J. E, Measuring normality in HTTP traffic for anomaly-based intrusion detection, Computer Networks 45 (2004) 175–193.

[17]Wang W., Guan X., Zhang X., A Novel Intrusion Detection Method Based on Principle Component Analysis in Computer Security, Springer-Verlag Berlin Heidelberg (2004) 657–662.

[18]Xiang C., Chong M. Y., Zhu H. L., Design of Multiple-Level Tree Classifiers for Intrusion Detection System, Proceedings of the 2004 IEEE Conference on Cybernetics and Intelligent Systems Singapore, (2004).

[19]Depren O., Topallar M., Anarim E., Ciliz M. K., An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks, Signal Processing.85 (2005) 463–479.

[20]Jiang S. Y., Song X., Wang H., Han J. J., Li Q. H., A clustering-based method for unsupervised intrusion detections, Pattern Recognition Letters. 27 (2006) 802–810.

[21]Perdisci R., Giorgio G., Roli F., Alarm clustering for intrusion detection systems in computer networks, Engineering Applications of Artificial Intelligence. 19 (2006) 429–438.

[22]Tsang C., Kwong S., Wang H., Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection, Pattern Recognition. 40 (2007) 2373 – 2391.

[23]Kayacik H. G., Zincir-Heywood A. N., Heywood M. I., A hierarchical SOM-based intrusion detection system, Engineering Applications of Artificial Intelligence. 20 (2007) 439–451.

[24]Powers S. T., He J., A hybrid artificial immune system and Self Organizing Map for network intrusion detection, Information Sciences. 178 (2008) 3024–3042.

[25]Ramachandran C., Misra S., Obaidat M. S., FORK: A novel two-pronged strategy for an agent-based intrusion detection scheme in ad-hoc networks, Computer Communications. 31 (2008) 3855–3869.

[26]Xiang C., Yong P. C., Meng L. S., Design of multiple-level hybrid classifier for intrusion detection system using Bayesian clustering and decision trees, Pattern Recognition Letters .29 (2008) 918–924.

[27]Hoang X. D., Hu J.,Bertok P., A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference , Journal of Network and Computer Applications. 32 (2009) 1219–1228.

[28]Tsai C., Lin C., A triangle area based nearest neighbors approach to intrusion detection, Pattern Recognition. 43 (2010) 222 – 229.

[29]Chen C., Chen Y., Lin H., An efficient network intrusion detection, Computer Communications. 33 (2010) 477–484.

[30]Wang G.,Hao J., Ma J.,Huang L., A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering, Expert Systems with Applications 37 (2010) 6225–6232.

[31]Mok M. S., Sohn S. Y., Ju Y. H., Random effects logistic regression model for anomaly detection, Expert Systems with Applications. 37 (2010) 7162–7166.

[32]Lee S., Kim G., Kim S., Self-adaptive and dynamic clustering for online anomaly detection, Expert Systems with Applications. 38 (2011) 14891–14898.

[33]Casas P., Mazel J., Owezarski P., Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge, Computer Communications. 35 (2012) 772–783.

[34]Devarakonda N., Pamidi S., V. V. K., A. G. , Intrusion Detection System using Bayesian Network and Hidden Markov Model, Procedia Technology. 4 (2012) 506 – 514.

[35]Kavitha B.,Karthikeyan D. S., Maybell P. S. , An ensemble design of intrusion detection system for handling uncertainty using Neutrosophic Logic Classifier, Knowledge-Based Systems. 28 (2012) 88–96.

[36]Gong M., Zhang J., Ma J., Jiao L., An efficient negative selection algorithm with further training for anomaly detection, Knowledge-Based Systems. 30 (2012) 185–191.

[37]Pastrana S., Mitrokotsa A., Orfila A., Peris-Lopez P., Evaluation of classification algorithms for intrusion detection in MANETs, Knowledge Based Systems. 36 (2012) 217–225.

[38]Pereira C. R., Nakamura R. Y. M., Costa K. A. P., Papa J. P., An Optimum Path Forest framework for intrusion detection in computer networks, Engineering Applications of Artificial Intelligence. 25 (2012) 1226–1234.

[39]Sindhu S. S. S., Geetha S., Kannan A., Decision tree based light weight intrusion detection using a wrapper approach, Expert Systems with Applications. 39 (2012) 129–141.

[40]Kang I., Jeong M. K. , Kong D., A differentiated one-class classification method with applications to intrusion detection, Expert Systems with Applications. 39 (2012) 3899–3905.

[41]Li Y., Xia J., Zhang S., Yan J., Ai X., Dai K., An efficient intrusion detection system based on support vector machines and gradually feature removal method, Expert Systems with Applications .39 (2012) 424–430.

[42]Koc L., Mazzuchi T. A., Sarkani S., A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier, Expert Systems with Applications. 39 (2012) 13492–13500.

[43]Altwaijry H., Algarny S., Bayesian based intrusion detection system, Journal of King Saud University – Computer and Information Sciences .24 (2012), 1–6.

[44]Jamdagni A., Tan Z., He X., Nanda P., Liu R. P., RePIDS: A multi tier Real-time Payload-based Intrusion Detection System, Computer Networks (2012) .

[45]Chung Y. Y., Wahid N., A hybrid network intrusion detection system using simplified swarm optimization (SSO), Applied Soft Computing 12 (2012) 3014–3022.

[46]Lin S., Ying k., Lee C., Lee Z., An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection, Applied Soft Computing. 12 (2012) 3285–3290.

[47]Zheng L., Zou P., Jia Y., Han W., Traffic Anomaly Detection and Containment Using Filter-Ary-Sketch. 2012 International Workshop on Information and Electronics Engineering (IWIEE), Procedia Engineering. (2011).

[48]Chetan R., Ashoka D.V., Data Mining Based Network Intrusion Detection System: A Database Centric Approach. 2012 International Conference on Computer Communication and Informatics (ICCCI -2012). (2012)

[49]Brauckhoff D., Dimitropoulos X., Wagner A. , Salamatian K. , Anomaly Extraction in Backbone Networks Using Association Rules, IEEE/ACM Transactions on networking.

[50]Om H., Kundu A., A Hybrid System for Reducing the False Alarm Rate of Anomaly Intrusion Detection System, 1st Int’l Conf. on Recent Advances in Information Technology. (2012).

[51]Sharma M., Toshniwal D., Pre-Clustering Algorithm for Anomaly Detection and clustering that uses variable size buckets, 1st Int’l Conf. on Recent Advances in Information Technology. (2012).

[52]Sharma S. K., Pande P., Tiwari S. K., Sisodiai M. S., An Improved Network Intrusion Detection Technique based on k-Means Clustering via Naive Bayes Classification. IEEE-International Conference On Advances In Engineering, Science And Management.(2012). 

[53]Barbara B., Couto J., and Jajodia S., Wu N. , ADAM: A Testbed for Exploring the Use of Data Mining in Intrusion Detection,SIGMOD Record. 30 (2001) 15-24.

[54]Ning P., Jajodia S., Wang X. S., design and implementation of decentralized prototype system for detecting distributed attacks. Computer Communication. 25 (2002) 1374-1391.

[55]GuanY., Ghorbani A., Belacel N. , Y-Means: A Clustering Method for Intrusion Detection , Canadian Conference on Electrical and Computer Engineering. Montréal, Québec, Canada, (2003).

[56]Abadeh M. S., Habibi J.,Barzegar Z.,Sergi M., A parallel genetic local search algorithm for intrusion detection in computer networks, Engineering Applications of Artificial Intelligence. 20 (2007) 1058–1069.

[57]Sangkatsanee P., Wattanapongsakorn N., Charnsripinyo C., Practical real-time intrusion detection using machine learning approaches, Computer Communications. 34 (2011) 2227–2235.

[58]Abadeh M. S., Mohamadi H., Habibi J., Design and analysis of genetic fuzzy systems for intrusion detection in computer networks, Expert Systems with Applications. 38 (2011) 7067–7075.

[59]Boulaiche A., Bouzayani H. , Adi K. , A quantitative approach for intrusions detection and prevention based on statistical n-gram models, The 3rd International Conference on Ambient Systems, Networks and Technologies (ANT), Procedia Computer Science .10 ( 2012 ) 450 – 457.

[60]Mohammed M. N., Sulaiman N., Intrusion Detection System Based on SVM for WLAN, Procedia Technology. 1 (2012) 313 – 317.

[61]Lee W., A Framework for Constructing Features and Models for Intrusion Detection Systems, ACM Transactions on Information and System Security. 3(2001) 227-261.

[62]Liao Y., Vemuri R. V., Use of K-Nearest Neighbor classifier for intrusion detection,Computers & Security. 21 (2002) 439-448.

[63]Joo D., Hong T., Han I., The neural network models for IDS based on the asymmetric costs of false negative errors and false positive errors, Expert Systems with Applications .25 (2003) 69–75 .

[64]Qin M., Hwang K., Frequent Episode Rules for Intrusive Anomaly Detection with Internet Data mining, USENIX Security Symposium.(2004).

[65]Siraj A., Vaughn R. B., Bridges S. M., Intrusion Sensor Data Fusion in an Intelligent Intrusion Detection System Architecture, Proceedings of the 37th Hawaii International Conference on System Sciences. (2004).

[66]Dasgupta D., Gonzalez F., Yallapu K., Gomez J.,Yarramsettii R., CIDS: An agent-based intrusion detection system, Computers & Security .24(2005) 387-398.

[67]Aydın M. A., Zaim A. H., Ceylan K. G., A hybrid intrusion detection system design for computer network security, Computers and Electrical Engineering. 35 (2009) 517–526.

[68]Chou T., Chou T., Hybrid Classifier Systems for Intrusion Detection, 2009 Seventh Annual Communications Networks and Services Research Conference.(2009).

[69]Shanmugam B.,Idris N. B., Improved Intrusion Detection System using Fuzzy Logic for Detecting Anamoly and Misuse type of Attacks, 2009 International Conference of Soft Computing and Pattern Recognition.(2009).

[70]Mabu S., Chen C., Lu N., Shimada K., Hirasawa K., An Intrusion-Detection Model Based on Fuzzy Class-Association-Rule Mining Using Genetic Network Programming, IEEE Transactions on systems, MAN, and Cybernetics—Part C: Applications and Reviews. 41(2011).

[71]Soleimani M., Ghorbani A. A., Multi-layer episode filtering for the multi-step attack detection, Computer Communications. 35 (2012) 1368–1379.

[72]Lei Z. J., Ghorbani A. A., Improved competitive learning neural networks for network intrusion and fraud detection, Neurocomputing. 75 (2012) 135–145.

[73]Anming Z., An Intrusion Detection Algorithm Based On NFPA, 2012 International Conference on Medical Physics and Biomedical Engineering, Physics Procedia. 33 (2012) 491 – 497.

[74]Pandaa M., Abrahamb A., Patrac M. R., A Hybrid Intelligent Approach for Network Intrusion Detection, International Conference on Communication Technology and System Design 2011. Procedia Engineering. 30 (2012) 1 – 9.

[75]Mukherjee D. S., Sharma N. , Intrusion Detection using Naive Bayes Classifier with Feature Reduction , Procedia Technology. 4 (2012) 119 – 128.

[76]Prasenna P., RaghavRamana A.V.T, Kumar R. K., Devanbu A., Network Programming And Mining Classifier For Intrusion Detection Using Probability Classification, Proceedings of the International Conference on Pattern Recognition, Informatics and Medical Engineering.( 2012).

[77]Hussein S. M., Ali F. H. M., Kasiran Z., Evaluation Effectiveness of Hybrid IDS Using Snort with Naive Bayes to Detect Attacks, IEEE.(2012).