Towards Integrating Data Mining with Knowledge Based System: The Case of Network Intrusion detection
Date
2013-06
Publisher
Addis Ababa University
Abstract
Network intrusion is a form of cyber attack that bypasses the security mechanisms of computer systems. Protecting against such attacks guards organizations against unplanned network shutdowns, which would otherwise have bad consequences for the organization. Intrusion detection systems respond to malicious activities. Misuse detection searches for patterns or user behaviors that match known intrusion scenarios, which are stored as signatures. Anomaly detection keeps a record of the normal behavior of the network and labels as an attack any behavior that falls outside it. Data mining has been used for intrusion detection systems because such techniques are generally more precise and require far less manual processing and input from human experts. However, studies that have employed data mining for intrusion detection merely generate patterns and fall short of utilizing the resulting knowledge.
In this study, a rule-based intrusion detection and advising knowledge based system is proposed. The system aims to utilize hidden knowledge extracted by applying a data mining induction algorithm, specifically JRip, to a sample of the KDDcup'99 intrusion data set. The integrator application then links the model created by the JRip classifier to the knowledge based system so that knowledge is added automatically. To do so, the integrator understands the syntax of both the JRip classifier and PROLOG, and converts the rule representation used by JRip into a format that PROLOG understands.
Finally, the performance of the system is evaluated using prepared test cases. Twenty test cases were prepared for the system performance test and provided to domain experts. For the user acceptance test, users were trained and then evaluated the system. In general, the system scored an overall performance of 80.5%, which is a promising result. However, further exploration is needed to refine the knowledge base and boost the advantages of integrating data mining induced knowledge with a knowledge based system.
Keywords: Intrusion detection, data mining, knowledge based system, Integrator
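The conversion step the abstract describes, from JRip rule text to PROLOG clauses, can be sketched as follows. This is an added example, not the thesis's integrator: the sample rules are constructed, and the `attr/3` fact and `intrusion/2` predicate are a hypothetical knowledge-base schema assumed here.

```python
import re

# Constructed sample in the textual form Weka's JRip prints its rule list;
# attribute names are KDD Cup'99 features, thresholds and counts are made up.
SAMPLE_JRIP = """\
(src_bytes >= 1032) and (service = ecr_i) => class=smurf (280.0/0.0)
(flag = S0) and (count >= 50) => class=neptune (107.0/1.0)
(dst_host_srv_count <= 3) and (service = private) => class=portsweep (41.0/2.0)
 => class=normal (972.0/4.0)
"""

RULE = re.compile(r"^\s*(.*?)\s*=>\s*(\w+)=(\S+)\s*\(([\d.]+)/([\d.]+)\)\s*$")
COND = re.compile(r"^\(\s*(\w+)\s*(<=|>=|=)\s*(\S+?)\s*\)$")
PROLOG_OP = {"<=": "=<", ">=": ">=", "=": "=="}  # Prolog spells <= as =<
ATOM = re.compile(r"^[a-z][A-Za-z0-9_]*$")
NUMBER = re.compile(r"^-?\d+(\.\d+)?$")

def term(value):
    """Emit numbers and plain atoms as-is; quote the rest (S0 would otherwise be a variable)."""
    if NUMBER.match(value) or ATOM.match(value):
        return value
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def jrip_to_prolog(text, head="intrusion"):
    """Translate a JRip rule list into clauses over a hypothetical attr(Conn, Name, Value) fact."""
    clauses = []
    for line in filter(str.strip, text.splitlines()):
        m = RULE.match(line)
        if not m:
            raise ValueError(f"not a JRip rule: {line!r}")
        body, _, label, _, _ = m.groups()  # class attribute and coverage counts are unused
        goals = []
        for n, cond in enumerate(c for c in re.split(r"\s+and\s+", body) if c):
            c = COND.match(cond)
            if not c:
                raise ValueError(f"unsupported condition: {cond!r}")
            name, op, value = c.groups()
            goals += [f"attr(C, {term(name)}, V{n})", f"V{n} {PROLOG_OP[op]} {term(value)}"]
        # JRip output is an ordered decision list: the cut keeps first-match semantics,
        # which only holds when intrusion/2 is queried with the label unbound.
        goals.append("!")
        clauses.append(f"{head}(C, {term(label)}) :- {', '.join(goals)}.")
    return clauses
```

Rule order must be preserved when the clauses are loaded, because the final rule with an empty body is JRip's default class and matches every connection.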