Intrusion Detection and Attack Classifier Based on Three Techniques: A Comparative Study


Different soft-computing based methods have been proposed in recent years for the development of intrusion detection systems. The purpose of this work is to develop, implement and evaluate an off-line, anomaly-based intrusion detection system using three techniques: data mining association rules, decision trees, and artificial neural networks, and then to compare them to decide which technique performs better for an intrusion detection system. Several methods have been proposed to modify these techniques to improve the classification process. For association rules, the majority vote classifier was modified to build a new classifier that can recognize anomalies. For decision trees, the ID3 algorithm was modified to deal not only with discrete values but also with numerical values. For neural networks, a back-propagation algorithm was used as the learning algorithm with different numbers of input patterns (118, 51, and 41) to introduce the important knowledge about the intruder to the neural networks. Different types of normalization methods were applied to the input patterns to speed up the learning process. The full 10% KDD Cup 99 train dataset and the full correct test dataset are used in this work. The results of the proposed techniques show an improvement in performance compared to the standard techniques; furthermore, the Percentage of Successful Prediction (PSP) and Cost Per Test (CPT) of neural networks and decision trees are better than those of association rules. On the other hand, training the neural network takes longer than training the decision trees.