Integrating Descriptive Modelling with Case Based Reasoning in Network Intrusion Detection

Addis Ababa University


Nowadays, because of the advanced use of the Internet, a growing number of applications, including but not limited to e-commerce, online shopping and Internet banking, have been virtualized, which requires more secure networks. As these operations increase, computer crimes and attacks that compromise the security and trust of a computer system and cause costly financial losses become more frequent and dangerous. While a number of effective techniques exist for the prevention and detection of attacks, intrusion detection systems are considered among the most promising methods for defending against complex and dynamic intrusion behaviors. Intrusion detection systems gather information from a computer or a network of computers and attempt to detect intruders or system abuse. Data mining is the extraction of information from large sets of data; in other words, data mining is mining knowledge from data. Knowledge-based systems are a part of artificial intelligence. Knowledge-based systems have been built with a variety of approaches depending on the knowledge representation method; case-based reasoning (CBR) is one of the popular approaches used in knowledge-based systems. CBR is a problem-solving strategy that uses previous cases to solve new problems. In this study, an integration of data mining with a case-based reasoning approach is proposed for network intrusion detection. The system aims to utilize hidden knowledge extracted by employing a descriptive data mining algorithm, specifically K-means clustering, on a sampled KDD Cup'99 intrusion dataset. Each cluster, with its centroid value, is mapped to a case in COLIBRI Studio IDE, and the integrator application is then created using the Eclipse IDE with JDK 6. The important parts of a case-based reasoning model are case retrieval, the similarity-measuring stage; reuse, which allows the domain expert to transfer the solution of the retrieved case to suit the current case; revise, to test the solution; and retain, to store the confirmed solution in the case base for future use.
The performance of the system was evaluated by preparing test cases. The system achieves 89.5% accuracy, with an average precision and recall of 89% and 90% respectively. For user acceptance testing, users were trained and then evaluated the system, which obtained a score of 95.5%. This shows that the system has registered a promising result. Similar cases are retrieved with a k-nearest-neighbor similarity measure, so further study is needed to improve the retrieval process by applying ontology-based retrieval.
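The pipeline the abstract describes (K-means centroids from a KDD Cup'99 sample become the case base, new connection records are classified by k-nearest-neighbor retrieval, and the retrieve, reuse, revise, retain cycle feeds confirmed cases back) and the accuracy, precision and recall evaluation it reports are illustrated below in Python. This is an added example, not the thesis's own code (which was built in COLIBRI Studio and Eclipse with JDK 6); the four KDD feature names are real, but every record value, the three traffic classes, the farthest-point seeding of K-means and the 1/(1+distance) similarity are assumptions made for the illustration.

```python
"""Added illustration: K-means case base + k-NN retrieval for intrusion detection.
Not the thesis's code. All records below are constructed, not real KDD Cup'99 rows."""
import math
from collections import Counter

FEATURES = ["src_bytes", "dst_bytes", "count", "serror_rate"]  # real KDD Cup'99 names

# Constructed training sample: (feature vector, label). Values are assumptions.
TRAIN = [
    ((250, 2200, 3, 0.0), "normal"), ((300, 2600, 5, 0.0), "normal"),
    ((220, 2400, 2, 0.0), "normal"), ((280, 2800, 8, 0.0), "normal"),
    ((0, 0, 220, 1.0), "neptune"), ((0, 0, 260, 1.0), "neptune"),    # SYN flood shape
    ((0, 0, 240, 1.0), "neptune"), ((0, 0, 300, 1.0), "neptune"),
    ((1032, 0, 450, 0.0), "smurf"), ((1032, 0, 500, 0.0), "smurf"),  # ICMP flood shape
    ((1032, 0, 480, 0.0), "smurf"), ((1032, 0, 511, 0.0), "smurf"),
]
# Constructed test records; the last one is an early-stage neptune probe whose
# features still look like normal traffic, so it is expected to be misclassified.
TEST = [
    ((260, 2500, 4, 0.0), "normal"), ((0, 0, 280, 1.0), "neptune"),
    ((1032, 0, 470, 0.0), "smurf"), ((100, 0, 10, 0.0), "neptune"),
]

def fit_scaler(rows):
    """Per-feature (min, max) from the training rows; reused for new records."""
    return [(min(c), max(c)) for c in zip(*rows)]

def scale(row, scaler):
    """Min-max normalisation so that byte counts do not dominate the distance."""
    return tuple((v - lo) / (hi - lo) if hi > lo else 0.0
                 for v, (lo, hi) in zip(row, scaler))

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=50):
    """Lloyd's K-means with deterministic farthest-point seeding (an assumption)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        assign = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, a in zip(points, assign) if a == j]
            new.append(tuple(sum(col) / len(members) for col in zip(*members))
                       if members else centroids[j])
        if new == centroids:
            break
        centroids = new
    return centroids, assign

class CaseBase:
    """Each cluster centroid becomes one case, labelled by majority vote of its members."""
    def __init__(self, train, k_clusters):
        rows = [r for r, _ in train]
        self.scaler = fit_scaler(rows)
        centroids, assign = kmeans([scale(r, self.scaler) for r in rows], k_clusters)
        self.cases = []
        for j, c in enumerate(centroids):
            labels = [lab for (_, lab), a in zip(train, assign) if a == j]
            if labels:
                self.cases.append({"features": c, "support": len(labels),
                                   "label": Counter(labels).most_common(1)[0][0]})

    def retrieve(self, record, k=1):
        """k-NN retrieval: the k most similar cases, similarity = 1/(1+distance)."""
        q = scale(record, self.scaler)
        scored = [(1.0 / (1.0 + dist(q, c["features"])), c) for c in self.cases]
        return sorted(scored, key=lambda s: -s[0])[:k]

    def reuse(self, record, k=1):
        """Similarity-weighted vote over retrieved cases -> (proposed label, best similarity)."""
        retrieved = self.retrieve(record, k)
        votes = Counter()
        for sim, case in retrieved:
            votes[case["label"]] += sim
        label = votes.most_common(1)[0][0]
        return label, max(sim for sim, c in retrieved if c["label"] == label)

    def retain(self, record, label):
        """Store a confirmed solution as a new case for future retrieval."""
        self.cases.append({"features": scale(record, self.scaler), "support": 1, "label": label})

def cbr_cycle(cb, record, expert_label, k=1, min_similarity=0.6):
    """Retrieve + reuse propose a label; revise checks it against the domain expert's
    verdict and the similarity threshold; retain stores the confirmed case."""
    proposed, sim = cb.reuse(record, k)
    accepted = proposed == expert_label and sim >= min_similarity
    cb.retain(record, expert_label)
    return proposed, accepted

def evaluate(cb, test, k=1):
    """Accuracy plus macro-averaged precision and recall over a labelled test set."""
    preds = [(cb.reuse(r, k)[0], lab) for r, lab in test]
    labels = sorted({t for _, t in preds} | {p for p, _ in preds})
    acc = sum(p == t for p, t in preds) / len(preds)
    prec, rec = [], []
    for lab in labels:
        tp = sum(p == lab and t == lab for p, t in preds)
        fp = sum(p == lab and t != lab for p, t in preds)
        fn = sum(p != lab and t == lab for p, t in preds)
        prec.append(tp / (tp + fp) if tp + fp else 0.0)
        rec.append(tp / (tp + fn) if tp + fn else 0.0)
    return acc, sum(prec) / len(prec), sum(rec) / len(rec)

if __name__ == "__main__":
    cb = CaseBase(TRAIN, 3)
    print("cases:", [(c["label"], c["support"]) for c in cb.cases])
    print("accuracy, precision, recall:", evaluate(cb, TEST))
    print("cycle on the misclassified probe:", cbr_cycle(cb, (100, 0, 10, 0.0), "neptune"))
    print("similar probe after retain:", cb.reuse((120, 0, 12, 0.0)))
```

With three well-separated classes the three centroids are pure, the clean test records are retrieved correctly and only the early-stage probe is mislabelled as normal, which is the kind of miss that drives the reported accuracy below 100%. Running the full cycle on that probe shows why retain matters: once the expert-confirmed case is stored, a later probe with the same shape retrieves it instead of the normal centroid.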



Intrusion detection, data mining, case based intrusion detection, case based reasoning