2011 3rd Conference on Data Mining and Optimization (DMO): Anomaly Detection for PTM's Network Traffic Using Association Rule

In order to evaluate the quality of UKM's NIDS, this paper presents the process of analyzing network traffic captured by Pusat Teknologi Maklumat (PTM) to detect whether it contains any anomalies and to produce the corresponding anomaly rules to be included in an update of UKM's NIDS. The network traffic data was collected with Wireshark over three days, using the six most common network attributes. The experiment used three association rule data mining techniques, Apriori, Fuzzy Apriori and FP-Growth, based on two, five and ten second window slicing. Out of the four data-sets, data-sets one and two were detected to have anomalies. The results show that the Fuzzy Apriori algorithm produced the best quality result, while FP-Growth reached a solution faster. The data-sets that were pre-processed with two second window slicing displayed better results. This research outlines the steps an organization can use to capture traffic and detect anomalies with association rule data mining techniques in order to enhance the quality of their NIDS.
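The abstract describes the pipeline only at a high level. The following added example, which is not code from the paper or from UKM's NIDS, shows one concrete way to realise it: slice a capture into fixed-width windows, turn each packet into a transaction of attribute=value items, run plain Apriori per window, and report the rules that hold in a window but not in a baseline window. The packet records, the choice of attributes, the support and confidence thresholds and the "compare against a baseline window" criterion are all constructed assumptions; the paper's Fuzzy Apriori and FP-Growth variants are not implemented here.

```python
"""Windowed Apriori over constructed packet records (added example)."""
from collections import defaultdict
from itertools import combinations

# Constructed sample capture: (timestamp_s, src, dst, proto, dport, length).
# The attribute set is an assumption, not the paper's exact six fields.
PACKETS = [
    (0.1, "10.0.0.5", "10.0.0.1", "TCP", 80, 512),
    (0.4, "10.0.0.6", "10.0.0.1", "TCP", 80, 498),
    (0.9, "10.0.0.5", "10.0.0.1", "TCP", 443, 1200),
    (1.5, "10.0.0.7", "10.0.0.1", "UDP", 53, 64),
    (1.8, "10.0.0.6", "10.0.0.1", "TCP", 80, 530),
    # second window: a burst of tiny packets from one host to many ports
    (2.1, "10.0.0.9", "10.0.0.1", "TCP", 21, 60),
    (2.2, "10.0.0.9", "10.0.0.1", "TCP", 22, 60),
    (2.3, "10.0.0.9", "10.0.0.1", "TCP", 23, 60),
    (2.4, "10.0.0.9", "10.0.0.1", "TCP", 25, 60),
    (2.6, "10.0.0.9", "10.0.0.1", "TCP", 110, 60),
    (4.3, "10.0.0.5", "10.0.0.1", "TCP", 80, 505),
]


def packet_items(pkt):
    """Map one packet to a transaction: a set of attribute=value items.
    Packet length is bucketed so that it behaves like a categorical item."""
    _ts, src, dst, proto, dport, length = pkt
    size = "small" if length < 100 else "medium" if length < 1000 else "large"
    return frozenset({f"src={src}", f"dst={dst}", f"proto={proto}",
                      f"dport={dport}", f"len={size}"})


def slice_windows(packets, width_s):
    """Group packets into consecutive windows of width_s seconds (e.g. 2.0)."""
    windows = defaultdict(list)
    for pkt in packets:
        windows[int(pkt[0] // width_s)].append(packet_items(pkt))
    return [windows[k] for k in sorted(windows)]


def apriori(transactions, min_support):
    """Return {frequent_itemset: support} using level-wise Apriori."""
    if not transactions:
        return {}
    n = len(transactions)

    def support(itemset):
        return sum(1 for t in transactions if itemset <= t) / n

    items = {item for t in transactions for item in t}
    current = {frozenset([i]) for i in items if support(frozenset([i])) >= min_support}
    frequent = {}
    while current:
        for s in current:
            frequent[s] = support(s)
        # Join k-itemsets that differ in one item, then prune any candidate
        # with an infrequent k-subset (the Apriori downward-closure property).
        candidates = set()
        for a, b in combinations(current, 2):
            u = a | b
            if len(u) == len(a) + 1 and all(
                    frozenset(c) in current for c in combinations(u, len(a))):
                candidates.add(u)
        current = {c for c in candidates if support(c) >= min_support}
    return frequent


def rules(frequent, min_conf):
    """Derive rules (antecedent -> consequent) with confidence >= min_conf."""
    out = set()
    for itemset, sup in frequent.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(itemset, r):
                ante = frozenset(ante)
                if sup / frequent[ante] >= min_conf:  # subsets are always frequent
                    out.add((ante, itemset - ante))
    return out


def novel_rules(baseline_window, window, min_support, min_conf):
    """Rules that hold in `window` but not in the baseline: the anomaly candidates."""
    base = rules(apriori(baseline_window, min_support), min_conf)
    return rules(apriori(window, min_support), min_conf) - base


if __name__ == "__main__":
    windows = slice_windows(PACKETS, 2.0)
    for i, w in enumerate(windows[1:], start=1):
        novel = novel_rules(windows[0], w, min_support=0.6, min_conf=0.8)
        print(f"window {i}: {len(w)} packets, {len(novel)} rules not seen in baseline")
```

With two second windows the burst in the second window yields rules such as {src=10.0.0.9} -> {len=small} that the first window never produced, which is the kind of rule the paper proposes adding to a NIDS. The last window holds a single packet, so every item in it has support 1.0; very small or sparsely filled windows inflate support and confidence, which is why window width and minimum support have to be tuned together before any rule is promoted to a signature.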
