Identifying false alarm for network intrusion detection system using data mining and decision tree

Although an intelligent intrusion and detection strategies are used to detect any false alarms within network critical segments of network infrastructures, reducing false positives are still being a major challenges. Up to this moment, these strategies focus on either detection or response features, but often lack of having both features together. Without considering those features together, intrusion detection systems are probably cannot highly detect on low false alarm rates. To offset abovementioned constraints, this paper proposes a strategy to focus on detection involving statistical analysis of both attack and normal traffics based on the training data of KDD Cup 99. This strategy is also included a hybrid statistical approach which using Data Mining and Decision Tree Classification. As a result, the statistical analysis can be manipulated to reduce misclassification of false positives and distinguish between attacks and false positives for the data of KDD Cup 99. Therefore, this strategy can be used to evaluate and enhance the capability of the IDS to detect and at the same time to respond to the threats and benign traffic in critical segments of network, application and database infrastructures.