EXCEL International Journal of Multidisciplinary Management Studies
  • Year: 2012
  • Volume: 2
  • Issue: 8

Intrusion detection system using data mining approach

  • Author: R.G. Raut, S.Z. Gawali
  • Total Page Count: 15
  • Page Number: 124 to 138

*Scholar, Bharati Vidyapeeth Deemed University, College of Engineering, Pune, MH, India

**Assistant Professor, Department of Information Technology Academic Coordinator – CPC, Bharati Vidyapeeth Deemed University, College of Engineering, Pune, MH, India

Online published on 18 August, 2012.

Abstract

Intrusions are the activities that violate the security policy of the system, and intrusion detection is the process used to identify intrusions. This paper gives an overview of the existing intrusion detection techniques, including anomaly detection and misuse detection models, and identifies techniques related to intrusion detection in distributed systems. It includes topics like machine learning and data mining approaches. In this paper, we describe a data mining framework for adaptively building Intrusion Detection (ID) models. The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities. These rules can then be used for misuse detection and anomaly detection. We discuss the strengths of our data mining programs, namely, classification, meta-learning, association rules, and frequent episodes. We describe our approaches to address three types of issues: accuracy, efficiency, and usability. To improve accuracy, data mining programs are used to analyze audit data and extract features that can distinguish normal activities from intrusions. We use artificial anomalies along with normal and intrusion data to produce more effective misuse and anomaly detection models. To improve efficiency, the computational costs of features are analyzed and a multiple-model cost-based approach is used to produce detection models with low cost and high accuracy.

Keywords

Intrusion detection, data mining, anomaly detection, artificial anomalies