Association Rule-Mining-Based Intrusion Detection System With Entropy-Based Feature Selection: Intrusion Detection System

Devaraju Sellappan (Sri Krishna Arts and Science College, Coimbatore, India) and Ramakrishnan Srinivasan (Dr. Mahalingam College of Engineering and Technology, Pollachi, India)
DOI: 10.4018/978-1-7998-1290-6.ch001

Abstract

Intrusion detection systems (IDSs) are important to industries and organizations for solving network problems, and various classifiers are used to classify activity as malicious or normal. Today, security has become a decisive part of any industrial and organizational information system. This chapter demonstrates an association rule-mining algorithm for detecting various network intrusions. The KDD dataset is used for experimentation. The input features fall into three classes: basic features, content features, and traffic features. Several attacks are present in the dataset, which are classified into Denial of Service (DoS), Probe, Remote to Local (R2L), and User to Root (U2R). The proposed method gives a significant improvement in detection rates compared with other methods. An association rule-mining algorithm is proposed to evaluate the KDD dataset and dynamic data in order to improve efficiency, reduce the false positive rate (FPR), and reduce processing time.

Various techniques have been proposed, including statistical methods, neural networks, and data mining. This section discusses the techniques used for intrusion detection systems.

C-means clustering was applied to intrusion detection, using a minimal testing dataset and reducing the features with a reduction algorithm to improve detection time (Minjie & Anqing, 2012). A novel twin support vector machine and SVM were used to address normal traffic patterns and classification accuracy (Nie & He, 2010; Srinivas, Andrew & Ajith, 2004; Sumaiya & Aswani, 2017). A Hidden Markov Model was used to implement a system-call-based anomaly intrusion detection system (Jiankun, Xinghuo, Qiu & Chen, 2009; Xie & Yu, 2008). Conditional Random Fields and a Layered Approach were used to demonstrate attack detection accuracy on the KDD Cup ’99 dataset (Gupta & Kotagiri, 2010). A genetic algorithm was used to detect intrusions, considering both temporal and spatial information of network connections when encoding the problem (Wei, 2004; Jiang & Junhu, 2009).
