Biomedical Engineering Reference
Introduction
Intrusion detection systems (IDSs) are important elements of computer networks and are among the main security tools in the organization of communication infrastructures. An IDS is a mechanism which quietly listens to network traffic in order to detect abnormal or suspicious activity. There are two distinct families of IDSs: (1) N-IDS (network based), which handles security at the network level, and (2) H-IDS (host based), which handles security at the host level. Intrusion detection is a technique for protecting the system when a network is being used by an unauthorized person.
Traditionally, intrusion detection techniques have been categorized in the following ways: (1) Misuse detection: Misuse detection focuses on developing a model of known attacks, i.e., it relies on predefined patterns of abnormal files, which can be described by specific patterns or sequences of data and elements. (2) Anomaly detection: The main aim of anomaly detection is to identify abnormal cases within data that are apparently uniform. Anomaly detection is an important tool for detecting network intrusion and other rare events that may have great impact but are difficult to find. Anomaly detection refers to finding patterns in data that do not conform to the expected behavior. Intrusion detection has emerged as a significant field of research, because it is not theoretically possible to set up a system with no vulnerabilities. One main challenge in intrusion detection is that concealed attacks have to be detected among a large quantity of routine communication activities. Several machine learning (ML) algorithms, for instance Neural Network, Support Vector Machine, Genetic Algorithm, Fuzzy Logic, Data Mining, and more, have been extensively employed to detect intrusion activities, both known and unknown, from large quantities of complex and dynamic data sets. Generating rules is vital for IDSs to differentiate standard behaviors from strange behaviors by examining the data set, which is a list of tasks created by the operating system and registered in a file in chronological order. Various studies with data mining as the chief constituent have been carried out to detect newly encountered intrusions. The analysis of data to determine relationships and to discover concealed patterns that would otherwise go unobserved is known as data mining. Many researchers have used data mining to focus on the subject of intrusion detection in databases.
We have designed an intrusion detection approach using KNN classification and Dempster-Shafer (DS) theory with fuzzy logic. The input to the proposed system is the KDD Cup 1999 data set, which is separated into two subsets: a training data set and a testing data set. Initially, the training data set is classified into five subsets, so that four types of attacks—DoS (denial of service), R2L (remote to local), U2R (user to root), Probe—and normal data are separated. After that, we simply mine the one-length frequent items from attack data as well as normal data. These mined frequent items are used to find the important attributes of the input data set, and the identified effective attributes are used to generate a set of definite and indefinite
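
An added example (not from the original text) of the first steps described above: splitting labelled training rows into the five subsets and mining one-length frequent items from each. The sample rows are constructed, the function names and the 0.5 minimum support are assumptions, and the rule used to pick effective attributes is an assumed one, since the text does not state it.

```python
from collections import Counter, defaultdict

FIELDS = ("protocol_type", "service", "flag", "logged_in")
# Constructed rows in KDD Cup 1999 style (not real data); last column is the class.
RECORDS = [
    ("tcp", "http", "SF", 1, "normal"), ("tcp", "http", "SF", 1, "normal"),
    ("tcp", "smtp", "SF", 1, "normal"), ("udp", "domain_u", "SF", 0, "normal"),
    ("tcp", "private", "S0", 0, "dos"), ("tcp", "private", "S0", 0, "dos"),
    ("tcp", "http", "S0", 0, "dos"), ("icmp", "ecr_i", "SF", 0, "dos"),
    ("tcp", "private", "REJ", 0, "probe"), ("tcp", "private", "REJ", 0, "probe"),
    ("icmp", "eco_i", "SF", 0, "probe"),
    ("tcp", "ftp_data", "SF", 1, "r2l"), ("tcp", "ftp", "SF", 1, "r2l"),
    ("tcp", "telnet", "SF", 1, "u2r"), ("tcp", "telnet", "SF", 1, "u2r"),
]

def split_by_class(records):
    """Separate the training rows into one subset per class label."""
    subsets = defaultdict(list)
    for *features, label in records:
        subsets[label].append(tuple(features))
    return dict(subsets)

def frequent_one_items(rows, min_support):
    """Return {(attribute, value): support} for 1-length items meeting min_support."""
    if not rows:
        return {}
    counts = Counter((FIELDS[i], v) for row in rows for i, v in enumerate(row))
    return {item: n / len(rows) for item, n in counts.items()
            if n / len(rows) >= min_support}

def effective_attributes(records, min_support=0.5):
    """Assumed rule: keep an attribute if its frequent values in any attack
    subset differ from its frequent values in the normal subset."""
    frequent = {label: frequent_one_items(rows, min_support)
                for label, rows in split_by_class(records).items()}
    def values(label, attr):
        return {v for (a, v) in frequent.get(label, {}) if a == attr}
    attacks = [label for label in frequent if label != "normal"]
    return [attr for attr in FIELDS
            if any(values(lbl, attr) != values("normal", attr) for lbl in attacks)]

if __name__ == "__main__":
    for label, rows in split_by_class(RECORDS).items():
        print(label, sorted(frequent_one_items(rows, 0.5)))
    print("effective attributes:", effective_attributes(RECORDS))
```

With these rows, `protocol_type` is dropped because `tcp` is the only frequent value in every subset, so it does not separate attack traffic from normal traffic.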