Article ID Journal Published Year Pages File Type
815817 Ain Shams Engineering Journal 2013 10 Pages PDF
Abstract

Many current NIDSs are rule-based systems, which are very difficult in encoding rules, and cannot detect novel intrusions. Therefore, a hybrid detection framework that depends on data mining classification and clustering techniques is proposed. In misuse detection, random forests classification algorithm is used to build intrusion patterns automatically from a training dataset, and then matches network connections to these intrusion patterns to detect network intrusions. In anomaly detection, the k-means clustering algorithm is used to detect novel intrusions by clustering the network connections’ data to collect the most of intrusions together in one or more clusters. In the proposed hybrid framework, the anomaly part is improved by replacing the k-means algorithm with another one called weighted k-means algorithm, moreover, it uses a proposed method in choosing the anomalous clusters by injecting known attacks into uncertain connections data. Our approaches are evaluated over the Knowledge Discovery and Data Mining (KDD’99) datasets.

Related Topics
Physical Sciences and Engineering Engineering Engineering (General)
Authors
, , , ,