Data mining approach for hybrid intrusion detection system

Abstract

An intrusion detection system is used to detect several types of malicious behavior that can compromise the security and trust of a computer system. It detects network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware. It operates either at the host level or at the network level, using either misuse or signature-based detection, or anomaly detection. Normally, attacks that cannot be detected by a network-based intrusion detection system can be detected by a host-based intrusion detection system, and vice versa. At each level, attacks can be detected by an intrusion detection technique, namely misuse detection or anomaly detection. Misuse detection can detect only known attacks, with high detection accuracy, whereas anomaly detection can detect both known and unknown attacks, but with a high false positive rate. To resolve the shortcomings of these individual intrusion detection systems, this research work proposes a novel data-mining-based hybrid intrusion detection system. An intelligent hybrid architecture is proposed that integrates the detection techniques as well as the levels of intrusion detection. For this purpose, data mining approaches such as classification and clustering algorithms have been proposed and implemented for feature selection, misuse detection and anomaly detection.
