tailieunhanh - Building models for detecting system attacks based on data mining

JOURNAL OF SCIENCE OF HNUE, Interdisciplinary Science, 2013, Vol. 58, No. 5, pp. 39-46
This paper is available online at http

BUILDING MODELS FOR DETECTING SYSTEM ATTACKS BASED ON DATA MINING

Pham Duy Trung¹, Luong The Dung¹ and Nguyen Duy Hai²
¹ Academy of Cryptography Techniques
² Centre of Information Technology, Hanoi National University of Education

Abstract. With the development of the Internet, network security has become an indispensable factor of computer technology. Intrusion Detection Systems (IDS) play an important role in network security. One aspect which affects the accuracy and performance of an IDS is its classifier. This paper proposes a new approach which combines different classifiers in order to make the best use of each classifier. To build the new model, we evaluate the accuracy and performance (training and testing time) of three classification algorithms: ID3, Naive Bayes and SVM. Our experimental results, using the KDDCup 99 IDS dataset and based on the 10-fold cross-validation test, show that against any one particular type of attack, one of the classifiers functions best. The purpose of this study is to enhance the accuracy and performance of IDS against particular types of attacks.

Keywords: Network security, data mining, network computer.

1. Introduction

The Internet pervades almost every aspect of life and business, and due to the exponential growth of this trend there has come to exist the critical need to secure these systems from unauthorized disclosure, transfer, modification or destruction. An Intrusion Detection System (IDS) inspects the activities in a system for suspicious behavior or patterns that may indicate an ongoing system attack or misuse.
Recently, as networks have become faster, the need has emerged for security analysis techniques that will be able to keep up with the increased network throughput [1]. Due to large volumes of security audit data as well as complex and dynamic properties of intrusion behaviors, optimizing
Received May 25
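The abstract's selection step, picking whichever of the three classifiers performs best against each attack type under 10-fold cross-validation, can be sketched as follows. This is an added example, not the authors' code: it assumes scikit-learn and NumPy, uses an entropy-criterion decision tree as a stand-in for ID3, scores by per-class recall (detection rate), omits the timing measurements, and runs on constructed synthetic records in place of KDDCup 99.

```python
# Added example: per-attack-type classifier selection with 10-fold cross-validation.
import numpy as np
from sklearn.metrics import recall_score
from sklearn.model_selection import StratifiedKFold, cross_val_predict
from sklearn.naive_bayes import GaussianNB
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC
from sklearn.tree import DecisionTreeClassifier

CLASSES = ["normal", "dos", "probe", "r2l", "u2r"]  # KDD Cup 99 traffic categories

def make_constructed_data(n_per_class=60, n_features=6, seed=0):
    """Constructed stand-in for KDD Cup 99 records: one Gaussian blob per class."""
    rng = np.random.default_rng(seed)
    X, y = [], []
    for idx, name in enumerate(CLASSES):
        centre = rng.normal(0, 3, n_features)
        X.append(centre + rng.normal(0, 1 + 0.5 * idx, (n_per_class, n_features)))
        y += [name] * n_per_class
    return np.vstack(X), np.array(y)

def candidate_models():
    return {
        # Assumption: scikit-learn ships no ID3, so an entropy tree stands in for it.
        "ID3 (entropy tree)": DecisionTreeClassifier(criterion="entropy", random_state=0),
        "Naive Bayes": GaussianNB(),
        "SVM": make_pipeline(StandardScaler(), SVC(kernel="rbf")),
    }

def per_class_recall(X, y, folds=10):
    """Return {model name: {class: recall}} from stratified k-fold predictions."""
    cv = StratifiedKFold(n_splits=folds, shuffle=True, random_state=0)
    table = {}
    for name, model in candidate_models().items():
        pred = cross_val_predict(model, X, y, cv=cv)  # every record predicted once
        scores = recall_score(y, pred, labels=CLASSES, average=None)
        table[name] = dict(zip(CLASSES, scores))
    return table

def best_model_per_class(table):
    """For each traffic class, name the model with the highest recall."""
    return {c: max(table, key=lambda m: table[m][c]) for c in CLASSES}

if __name__ == "__main__":
    table = per_class_recall(*make_constructed_data())
    for cls, model in best_model_per_class(table).items():
        print(f"{cls:7s} -> {model} (recall {table[model][cls]:.3f})")
```

On real KDDCup 99 data the categorical fields (protocol, service, flag) would need encoding before the SVM and Naive Bayes models can use them.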