Proposal to Enhance NIDS


Proposed work aim to build a proposed Gain Association Rules -Based Network Intrusion Detection System (GARNIDS). GARNIDS trend to enhance traditional NIDS through using three of data mining algorithms; these are: Gain which is measure the entropy for each feature to detect it is Domination Degree (DD) for each attack, then feeding these features with their DD to a proposed Gain Association Rule (GAR) algorithm that to rank the features according to two parameters (frequency and DD). Finally customize K Nearest Neighbor (KNN) as misuse classifier (detect the intrusions and specify their types) the proposal assume the k equal to 3. Many experimental works are conducted to evaluate the proposal over the KDD'99 dataset and show the efficiency of KNN through registering 86% of accuracy with all features, 90% of accuracy with 25 top features and the accuracy was 98% with 8 top features. Also the Detection Rate (DR) and False Alarm Rates (FAR) are both measured with those three cases and still KNN with the top 8 features is the higher in DR and lower in FAR. Finally when try the proposal in real-time with tcpdump the third case register higher accuracy (93%).