Data mining has recently become an important component of intrusion detection systems (Li, 2009). IDES (Denning, 1987) is the first model of IDS. This model uses statistical techniques to characterize abnormal behavior and relies on rules to detect violations. NIDES (Javits & Valdes, 1993) is the successor of the IDES project. It has a strong base of anomaly detection, complemented with a signature-based expert system component. MADAM ID (Lee et al., 1998) is one of the best-known data mining projects in intrusion detection. It is an off-line IDS that uses association rules and frequent episodes. MADAM ID allows hand-coded intrusion patterns and profiles to be replaced with learned rules. ADAM (Audit Data Analysis and Mining) (Barbara et al., 2001) is an on-line, network-based IDS. It detects known attacks as well as unknown attacks. ADAM uses association rules and classification. IDDM (Abraham, 2001) is a real-time NIDS for misuse and anomaly detection. It applies association rules, meta-rules, and characteristic rules.
Common data mining techniques have been proposed for intrusion detection and have achieved great success. These techniques include neural networks (Lippmann, 2000), Support Vector Machines (SVM) (Eskin, 2002; Mukkamala, 2002), and neighborhood-based classification (Law & Kwok, 2005; Li & Guo, 2007; Liao & Vemuri, 2002; Li, 2009; Xiang et al., 2008; Kuang & Zulkernine, 2008; Shirazi, 2009; Shirazi & Kalaji, 2010; Shirazi et al., 2012; Tsai & Lin, 2010; Muda et al., 2011; Wang, 2011; Deepika & Richhariya, 1999; Natesan & Balasubramanie, 2012).