Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree

Although intelligent intrusion and detection strategies are used to detect any false alarms within the network critical segments of network infrastructures, reducing false positives is still a major challenge. Up to this moment, these strategies focus on either detection or response features, but of...

Full description

Saved in:
Bibliographic Details
Main Authors: Anuar, N.B., Sallehudin, H., Gani, Abdullah, Zakari, O.
Format: Article
Language:English
Published: 2008
Subjects:
Online Access:http://eprints.um.edu.my/4497/1/2008_Identifying_false_alarm_for_Network_Intrusion_Detection_Sysytem_Using_Hybrid_Data_Mining_and_Decision_Tree.pdf
http://eprints.um.edu.my/4497/
http://wseas.us/e-library/conferences/2008/bucharest2/dncoco/dncoco03.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Although intelligent intrusion and detection strategies are used to detect any false alarms within the network critical segments of network infrastructures, reducing false positives is still a major challenge. Up to this moment, these strategies focus on either detection or response features, but often lack of having both features together. Without considering those features together, intrusion detection systems probably will not be able to highly detect on low false alarm rates. To offset the abovementioned constraints, this paper proposes a strategy to focus on detection involving statistical analysis of both attack and normal traffics based on the training data of KDD Cup 99. This strategy also includes a hybrid statistical approach which uses Data Mining and Decision Tree Classification. As a result, the statistical analysis can be manipulated to reduce misclassification of false positives and distinguish between attacks and false positives for the data of KDD Cup 99. Therefore, this strategy can be used to evaluate and enhance the capability of the IDS to detect and at the same time to respond to the threats and benign traffic in critical segments of network, application and database infrastructures.