Abstract:
Intrusion detection is an important technology in the business sector as well as an active area of research. It is also an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions. Network intrusion detection systems have become a standard component of security infrastructures. Unfortunately, current systems are poor at detecting novel attacks without an unacceptable level of false alarms.
This study undertakes a retrospective data analysis following the Hybrid DM model. The Hybrid model combines aspects of both academic and industrial models, providing a more general, research-oriented description of the steps. The data set in this study is taken from the University of Gondar data center network appliance. After collection, the data was preprocessed. The major preprocessing activities include filling missing values, removing outliers and resolving inconsistencies.
In this study the researcher used the available intrusion detection data sets from the University of Gondar data center. The researcher took 7345 records, which are labeled as Normal, DOS, U2R, R2L and Probe. For supervised modeling, 6461 records were taken. To build a predictive model for intrusion detection, the J48 decision tree and Naïve Bayes algorithms were tested as classification approaches, with and without feature selection.
The model created with the J48 decision tree algorithm, using 10-fold cross validation and the default parameter values, showed the best classification accuracy of 94.40% on the training datasets in classifying new instances into the Normal, DOS, U2R, R2L and Probe classes. The findings of this study show that data mining methods generate interesting rules that are crucial for intrusion detection in the networking industry. Future research directions are proposed toward developing an applicable system in the area of the study.