A proposal to detect computer worms (malicious codes)‎ using data mining classification algorithms

Abstract EN

Malicious software (malware) performs a malicious function that compromising a computer system’s security.

Many methods have been developed to improve the security of the computer system resources, among them the use of firewall, encryption, and Intrusion Detection System (IDS).

IDS can detect newly unrecognized attack attempt and raising an early alarm to inform the system about this suspicious intrusion attempt.

This paper proposed a hybrid IDS for detection intrusion, especially malware, with considering network packet and host features.

The hybrid IDS designed using Data Mining (DM) classification methods that for its ability to detect new, previously unseen intrusions accurately and automatically.

It uses both anomaly and misuse detection techniques using two DM classifiers (Interactive Dichotomizer 3 (ID3) classifier and Naïve Bayesian (NB) Classifier) to verify the validity of the proposed system in term of accuracy rate.

A proposed HybD dataset used in training and testing the hybrid IDS.

Feature selection is used to consider the intrinsic features in classification decision, this accomplished by using three different measures: Association rules (AR) method, ReliefF measure, and Gain Ratio (GR) measure.

NB classifier with AR method given the most accurate classification results (99%) with false positive (FP) rate (0%) and false negative (FN) rate (1%).