Proposal to Enhance NIDS | ||
| journal of kerbala university | ||
| Article 1, Volume 11, Issue 4, December 2015, Pages 145-151 PDF (0 K) | ||
| Abstract | ||
| Proposed work aim to build a proposed Gain Association Rules -Based Network Intrusion Detection System (GARNIDS). GARNIDS trend to enhance traditional NIDS through using three of data mining algorithms; these are: Gain which is measure the entropy for each feature to detect it is Domination Degree (DD) for each attack, then feeding these features with their DD to a proposed Gain Association Rule (GAR) algorithm that to rank the features according to two parameters (frequency and DD). Finally customize K Nearest Neighbor (KNN) as misuse classifier (detect the intrusions and specify their types) the proposal assume the k equal to 3. Many experimental works are conducted to evaluate the proposal over the KDD'99 dataset and show the efficiency of KNN through registering 86% of accuracy with all features, 90% of accuracy with 25 top features and the accuracy was 98% with 8 top features. Also the Detection Rate (DR) and False Alarm Rates (FAR) are both measured with those three cases and still KNN with the top 8 features is the higher in DR and lower in FAR. Finally when try the proposal in real-time with tcpdump the third case register higher accuracy (93%). | ||
| Keywords | ||
| NIDS; KNN; Gain; Feature selection; detection rate; accuracy | ||
|
Statistics Article View: 206 PDF Download: 114 |
||