Intrusion Detection System: A Survey Using Data Mining and Learning Methods

In spite of growing information system widely, security has remained one hard-hitting area for computers as well as networks. In information protection, Intrusion Detection System (IDS) is used to safeguard the data confidentiality, integrity and system availability from various types of attacks. Data mining is an efficient artifice applied to intrusion detection to ascertain a new outline from the massive network data as well as it used to reduce the strain of the manual compilations of the normal and abnormal behavior patterns. Intrusion Detection System (IDS) is an essential method to protect network security from incoming on-line threats. Machine learning enable automates the classification of network patterns. This piece of writing reviews the present state of data mining techniques and compares various data mining techniques used to implement an intrusion detection system such as, Support Vector Machine, Genetic Algorithm, Neural network, Fuzzy Logic, Bayesian Classifier, K- Nearest Neighbor and decision tree Algorithms by highlighting a advantage and disadvantages of each of the techniques. This paper review the learning and detection methods in IDS, discuss the problems with existing intrusion detection systems and review data reduction techniques used in IDS in order to deal with huge volumes of audit data. Finally, conclusion and recommendation are included. Keywords: Classification, Data Mining, Intrusion Detection System, Security, Anomaly Detection, Types of attacks, Machine Learning Technique

ESTUDIO COMPARATIVO DE TÉCNICAS DE ENTRENAMIENTO Y CLASIFICACIÓN EN SISTEMAS DE DETECCIÓN DE INSTRUSOS (IDS), BASADOS EN ANOMALIAS DE RED.

Maestría en Ingeniería (Énfasis en Redes y Software)The main motivation of this investigation was the implementation of the Draper method applied to intrusion detection systems in different training and classification techniques in order to identify the best intrusion detection model with the objective of improving detection rates of attacks in computer network systems, using a procedure of selection of characteristics and different methods of algorithms of unsupervised trainings, in this case was used the technique INFO.GAIN identifying that the number of optimal characteristics is 15. Consequently, a neural network using a non-supervised learning algorithm (GHSOM, RANDOM FOREST, BAYESIAN NETWORKS, NAIVE BAYES, C4.5, LOGISTIC, PART AND NBTREE) for the purpose of classifying bi-class traffic automatically. obtained the best technique of training and classification using the selection technique In INFO.GAIN with 15 characteristics and cross validation 10 pligues, was the RANDOM FOREST technique.La principal motivación de esta investigación ha sido la implementación del método Draper aplicado a los sistemas de detección de intrusos en distintas técnicas de entrenamiento y clasificación con el propósito de identificar el mejor modelo de detección de intrusiones con el objetivo de mejorar las tasas de detección de ataques en sistemas de redes computacionales, utilizando un procedimiento de selección de características y distintos métodos de algoritmos de entrenamientos no supervisados, en este caso se utilizó la técnica INFO.GAIN identificando que el número de características óptimo es 15. En consecuencia, se entrenó una red neuronal que utilizan un algoritmo de aprendizaje no supervisado (GHSOM, RANDOM FOREST, REDES BAYESIANAS, NAIVE BAYES, C4.5,LOGISTIC, PART Y NBTREE ), con el propósito de clasificar el tráfico bi-clase de forma automática, Como resultado se obtuvo que la mejor técnica de entrenamiento y clasificación utilizando la técnica de selección INFO.GAIN a 15 características y validación cruzada 10 pligues, fue la técnica RANDOM FOREST