Authors

Abstract

Different soft-computing based methods have been proposed in recent years
for the development of intrusion detection systems. The purpose of this work is to
develop, implement and evaluate an off-line, anomaly-based intrusion
detection system using three techniques: data mining association rules, decision
trees, and artificial neural networks, and then to compare them to decide which
technique performs better for intrusion detection. Several
methods have been proposed to modify these techniques to improve the
classification process. For association rules, the majority vote classifier was
modified to build a new classifier that can recognize anomalies. With decision
trees, the ID3 algorithm was modified to deal not only with discrete values but also
with numerical values. For neural networks, a back-propagation algorithm
was used as the learning algorithm with different numbers of input patterns
(118, 51, and 41) to introduce the important knowledge about the intruder to the
neural networks. Different types of normalization methods were applied to the
input patterns to speed up the learning process. The full 10% KDD Cup 99 training
dataset and the full corrected test dataset are used in this work. The results of the
proposed techniques show an improvement in performance
compared to the standard techniques; furthermore, the Percentage of Successful
Prediction (PSP) and Cost Per Test (CPT) of neural networks and decision trees
are better than those of association rules. On the other hand, training the neural
network takes longer than training the decision trees.

Keywords