4 research outputs found

    Intrusion detection based on k-means clustering and OneR classification

    Intrusion detection system (IDS) is used to detect various kinds of attacks in an interconnected network. Many machine learning methods have also been introduced by researchers recently to obtain high accuracy and detection rate. Unfortunately, a potential drawback of all those methods is the rate of false alarm. However, our proposed approach shows better results, by combining clustering (to identify groups of similarly behaved samples, i.e. malicious and non-malicious activity) and classification techniques (to classify all data into correct class categories). The approach, KM+1R, combines the k-means clustering with the OneR classification technique. The KDD Cup '99 set is used as a simulation dataset. The result shows that our proposed approach achieves a better accuracy and detection rate, particularly in reducing the false alarm

    A Prototype for Intrusion Detection in Wireless Sensor Networks Using Data Mining Methods

    The Wireless Sensor Networks (WSNs) are highly distributed networks of tiny, light-weight wireless nodes, placed in large numbers to monitor the environment or system. Monitoring the system includes the measurement of physical parameters such as pressure, temperature, relative humidity and passing their data to the main node (sink). WSN faces various security attacks which can affect the overall performance and security of the system. So, it is necessary to detect and prevent the attacks on WSN. Intrusion Detection is one of the major and efficient methods against attacks. Intrusion Detection Systems can act as a second line of defence and provide security primitives to prevent attacks against computer networks. This paper focuses on a hybrid approach for intrusion detection system (IDS) based on data mining techniques. The approach is clustering analysis with the aim to improve the detection rate and decrease the false alarm rate

    The Investigation of Student Dropout Prediction Model in Thai Higher Education Using Educational Data Mining: A Case Study of Faculty of Science, Prince of Songkla University

    The student’s retention rate is one of the challenging issues that represent the quality of the university. A high dropout rate of students affects not only the reputation of the university but also the students’ career in the future. Therefore, there is a need of student dropout analysis in order to improve the academic plan and management to reduce students drop out from the university as well as to enhance the quality of the higher education system. Data mining techniques provide powerful methods for the analysis and prediction of dropout. This paper proposes a model for predicting students’ dropout using the dataset from the representative of the largest public university in the Southern part of Thailand. In this study, data from Faculty of Science, Prince of Songkla University was collected from academic year of 2013 to 2017. The experiment result shows that JRip rule induction is the best technique to generate a prediction model receiving the highest accuracy value of 77.30%. The results highlight the potential prediction model that can be used to detect the early state of dropping out of the student which the university can provide supporting program to improve the student retention rat

    Intrusion detection based on behavioral rules for the bytes of the headers of the data units in IP networks

    Nowadays, communications through computer networks are of utmost importance for the normal functioning of organizations, worldwide transactions and content delivery. These networks are threatened by all kinds of attacks, leading to traffic anomalies that will eventually disrupt the normal behaviour of the networks, exploring specific breaches on a system component or exhausting network resources. Automatic detection of these network anomalies comprises one of the most important resources for network administration, and Intrusion Detection Systems (IDSs) are amongst the systems responsible for this automatic detection. This dissertation starts from the assumption that it is possible to use machine learning to, consistently and automatically, produce rules for an intrusion detector based on statistics for the first 64 bytes of the headers of Internet Protocol (IP) packets. The survey on the state of the art on related works and currently available IDSs shows that the specific approach taken here is worth exploring. The decision tree learning algorithm known as C4.5 is identified as a suitable means to produce the aforementioned rules, due to the similarity between their syntax and the tree structure. Several rules are then devised using the ML approach for several attacks. The attacks were the same used in a previous work, in which the rules were devised manually. Both rule sets are then compared to show that, in fact, it is possible to construct rules using the approach taken herein, and that the rules created resorting to the C4.5 algorithm are superior to the ones devised after thorough human analysis of several statistics calculated for the bytes of the headers of the packets. To compare them, each rule set was used to detect intrusions in third party traces containing attacks and in live traffic during simulation of attacks.
Most of the attacks producing noticeable impact on the headers were detected by both rule sets, but the results for the third party traces were better in the case of the ML devised rules, providing a clear evidence for the aforementioned assumptions.