Authors: Alemtsehay Adhanom; Henock M. Melaku
Addresses: Electrical and Computer Engineering Department, Addis Ababa Institute of Technology, Addis Ababa University, Ethiopia ' Department of Computer Science, Institute of Technology, Ambo University, Ambo, Ethiopia
Abstract: The experience of deploying intrusion detection system (IDS) for securing computer system is being matured. There are knowledge-based (misuse) and anomaly IDS. In knowledge-based IDS, prior knowledge of the attack is needed for detection and during anomaly, behaviour of normal data is studied, when new data is arrived and there is a deviation, it is considered as an attack. In this thesis, we present a hybrid intrusion detection system called behavioural-based cyber intrusion detection system, based on two data mining algorithms, decision tree and association rule mining. The decision tree algorithm is used to detect misuse intrusions but it considers new attacks as normal. Association rule mining works by using the normal output of decision tree as input for further detection. Further, we implement the proposed model using java programming language. We have used a reduced and enhanced non-redundant NSL_KDD dataset for training and testing. Evaluation results show that it provides improved detection rate and lower false alarm rates.
Keywords: intrusion detection system; IDS; knowledge discovery data mining; genetic algorithm.
International Journal of Communication Networks and Distributed Systems, 2019 Vol.23 No.4, pp.473 - 498
Available online: 20 Sep 2019 *Full-text access for editors Access for subscribers Purchase this article Comment on this article