The Designation of Intrusion Detection System Model Based on Data Mining

2014, Vol 543-547, pp. 3532-3536
Author(s): Yan Jun Zhao, Ming Jun Wei

This paper further analyzes the operational mechanism of the existing intrusion detection system model. It targets the problems existing detection mechanisms have with unknown aggressive behavior: powerlessness, a high false negative rate, low detection efficiency, and the lack of an automatic extension mechanism for the rule base. Drawing on data mining technology, we design an improved network intrusion detection system model based on data mining that combines misuse detection and anomaly detection. Finally, we give a detailed introduction to the work processes and work steps of the associated modules.

2015, Vol 73 (2)
Author(s): Raed Al-Dhubhani, Norbik Bashah Idris, Faisal Saeed

A Network Intrusion Detection System (NIDS) is considered one of the last defense mechanisms for any organization. NIDS can be broadly classified into two approaches: misuse-based detection and anomaly-based detection. Misuse-based intrusion detection builds a database of the well-defined patterns of attacks that exploit weaknesses in systems and network protocols, and uses that database to identify intrusions. Although this approach can detect all the attacks included in the database, it leads to false negative errors, because any new attack not included in that database can't be detected. The other approach is the anomaly-based NIDS, which was developed to emulate the Human Immune System (HIS) and overcome the limitation of the misuse-based approach. The anomaly-based detection approach is based on the Negative Selection (NS) mechanism. NS builds a database of the normal self patterns and identifies any pattern not included in that database as a non-self pattern, and hence an intrusion is detected. Unfortunately, the NS concept also has its drawbacks. Although any attack pattern can be detected as a non-self pattern, which leads to a low false negative rate, non-self patterns do not necessarily indicate the existence of intrusions. So NS has a high false positive error rate caused by that assumption. Danger Theory (DT) is a new concept in HIS, which shows that the response mechanism in HIS is more complicated and goes beyond the simple NS concept. So, is it possible to utilize DT to minimize the high false positive detection rate of NIDS? This paper answers this question by developing a prototype for NIDS based on DT and evaluating that prototype using the DARPA99 Intrusion Detection dataset.

