Data mining for intrusion detection systems (IDS) is a technique used mainly to identify unknown attacks and to reduce false alarm rates in anomaly detection. Various research projects have proposed data mining techniques for intrusion detection, one of which is MADAM ID (Mining Audit Data for Automated Models for Intrusion Detection), which performs both misuse detection (used to identify known attacks) and anomaly detection (used to predict unknown behavior of attacks). It applies data mining techniques to different data sets captured by continuous auditing of data on the network. This paper focuses on MADAM ID, covering the types of intrusion it detects, such as DDoS attacks; the various types of alarm rates it generates; the C4.5 algorithm, which is used to classify data as normal or abnormal, and how it is better than the ID3 algorithm; the types of results it generates, with an example; the total cost it involves; the drawback of MADAM ID; and the future scope of data mining in intrusion detection. We use the Wireshark tool to audit packets on the network and the WEKA tool to pre-process the given data set, classify it with the J48 tree, which is an implementation of the C4.5 algorithm, and detect the various alarm rates.