Title: Intrusion detection by initial classification-based on protocol type

Authors: D. Ashok Kumar; S.R. Venugopalan

Addresses: Department of Computer Science and Applications, Government Arts College, Tiruchirappalli – 620 022, India; Aeronautical Development Agency, Ministry of Defence, Govt. of India, P. B. No. 1718, Vimanpura Post, Bangalore – 560 017, India

Abstract: The increased use of computer networks, the internet and online transactions poses a higher risk of intrusions, and protecting information from hackers/intruders is a new area in computer and network security. The major factors that affect intrusion detection are the system's detection rate and the time required to detect intrusions. Many researchers have focused on this area and have used data mining techniques to detect intrusions. This paper proposes classifying the dataset initially on the 'protocol type' feature and reports the performance improvements over the traditional way of considering the full data without initial classification. This paper does not advocate any techniques or algorithms, but establishes that splitting the dataset on the 'protocol type' feature enhances performance with respect to detection rate and time to build the model for intrusion detection. In this study, the proposed approach has been tested on the well-known KDD Cup 99 intrusion dataset. The computational study reveals that initial classification based on the 'protocol type' attribute increases performance with respect to detection rate and time to build the model.

Keywords: information security; intrusion detection; attacks; normal; naive Bayes; classification; protocol attributes; network security; protocol type.

DOI: 10.1504/IJAIP.2017.082973

International Journal of Advanced Intelligence Paradigms, 2017 Vol.9 No.2/3, pp.122 - 138

Received: 09 Feb 2016
Accepted: 28 May 2016

Published online: 01 Mar 2017
