Open Access  Subscription or Fee Access

Intrusion detection is one of the core technologies of computer security. It is required to protect the security of computer network systems. Due to large volumes of security audit data as well as complex and dynamic properties of intrusion behaviors, optimizing performance of network intrusion detection becomes an important open problem. Data mining techniques are being applied in building intrusion detection systems to protect computing resources against unauthorized access. Classification methods are employed to categorize the network attacks. Usually one classifier algorithm is used to classify various network attacks. In this paper, we evaluated the performance of a comprehensive set of classifier algorithms using KDD99 dataset. It is found that certain algorithms perform better for certain attack classes. So a set of classifier algorithms namely, BayesNet, Naïve Bayes, J48, Decision Table, JRip, OneR, IBk are compared based on the 10-fold cross validation test. Finally, two classifier algorithm selection models are proposed based on the evaluation results to categorize the network attacks.

Data Mining, Classifier Algorithms, Network Security, Intrusion Detection, KDD Dataset

1.] Witten, I.H, Frank, E.: Data Mining : Practical Machine Learning Tools and Techniques, 2nd edn. Morgan Kaufmann, San Francisco,2005.

Weka – Data Mining Machine Learning Software, http://www.cs.waikato.ac.nz/ml/weka/

KDD Cup 1999 Data, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

Xu, X.: Adaptive Intrusion Detection Based on Machine Learning: Feature Extraction, Classifier Construction and Sequential Pattern Prediction. International Journal of Web Services Practices 2(1-2), 49–58 ,2006

H. Güneş Kayacık, A. Nur Zincir-Heywood, Malcolm I. Heywood,”Selecting Features for Intrusion Detection:A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets”, PST, 2005.

The 1998 intrusion detection off-line evaluation plan. MIT Lincoln Lab. ,http://www.11.mit.edu/IST/ideval/docs/1998/id98-eval-11.txt, 25 March 1998.

Li, Y., Guo, L.: An Active Learning Based TCM-KNN Algorithm for SupervisedNetwork Intrusion Detection. In: 26th Computers & Security, pp. 459–467 , 2007

Panda M. and Patra M.R (2008), “A Comparative study of Data Mining Algorithms for Network Intrusion Detection”, Proceedings of the 1st Conference on Emerging Trends in Engineering and Technology, pp. 504-507, IEEE Computer Society, USA.

Juan Wang, Qiren Yang, Dasen Ren, “An intrusion detection algorithm based on decision tree technology”, Asia-Pacific Conference on Information Processing, 2009.

Huy Anh Nguyen and Deokjai Choi,Application of Data Mining to Network intrusion Detection: Classifier Selection Model,2008.