Intrusion detection and attack classifier based on three techniques : a comparative study

Abstract EN

Different soft-computing based methods have been proposed in recent years for the development of intrusion detection systems.

The purpose of this work is to development, implement and evaluate an anomaly off-line based intrusion detection system using three techniques; data mining association rules, decision trees, and artificial neural network, then comparing among them to decide which technique is better in its performance for intrusion detection system.

Several methods have been proposed to modify these techniques to improve the classification process.

For association rules, the majority vote classifier was modified to build a new classifier that can recognize anomalies.

With decision trees, ID3 algorithm was modified to deal not only with discreet values, but also to deal with numerical values.

For neural networks, a back-propagation algorithm has been used as the learning algorithm with different number of input patterns (118, 51 and 41) to introduce the important knowledge about the intruder to the neural networks.

Different types of normalization methods were applied on the input patterns to speed up the learning process.

The full 10% KDD Cup 99 train dataset and the full correct test dataset are used in this work.

The results of the proposed techniques show that there is an improvement in the performance comparing to the standard techniques, furthermore the Percentage of Successful Prediction (PSP) and Cost Per Test (CPT) of neural networks and decision trees are better than association rules.

On the other hand, the training time for neural network takes longer time than the decision trees.