International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 4, Issue 4, April 2015
ISSN 2319 - 4847
COMPARATIVE STUDY OF DATA MINING TECHNIQUES FOR INTRUSION DETECTION SYSTEM
Suchi Kumari1, Vijay Kumar Jha2, Chandrashekhar Azad3
1 M.Tech Scholar, Dept. of Computer Science Engineering, Birla Institute of Technology, Ranchi, Jharkhand, India
2 Associate Professor, Dept. of Information Technology, Birla Institute of Technology, Mesra, Ranchi, Jharkhand, India
3 Research Scholar, Birla Institute of Technology, Mesra, Ranchi, India
ABSTRACT
With information technology growing day by day, security remains a challenging area for computers and networks. Intrusion detection is the process of analyzing and monitoring the events occurring in network traffic in order to detect suspicious activity. In the present study, we provide detailed information about data mining techniques such as classification, clustering, association rules, feature selection and prediction, together with a comparative study of all of the major techniques. This work also focuses on a comparative study of the techniques that come under classification and clustering in terms of computation, speed and detection rate. It also presents the best intrusion detection algorithm of each type.
Keywords: Data Mining, classification, clustering, association rule
1. INTRODUCTION
Nowadays, our regular life depends entirely on the internet. There has been extensive growth in the use of the internet for social networking, healthcare, e-commerce, bank transactions, airlines, railways and many other services. So, it is very important to make internet applications secure and private. The security of a computer system is compromised when an intrusion takes place. An intrusion is any set of actions that threatens the integrity, availability or confidentiality of a network resource. The intruder may come from outside the network or may be a legitimate user of the network. In the early days, only static defense techniques such as virtual private networks, firewalls and data encryption were used for network security, but they are not enough to secure a network completely. So, there is a need for dynamic defense techniques. Various research has been done to ensure the security of computer networks. As a result, a dynamic approach was introduced, called the Intrusion Detection System (IDS). IDS is the process of identifying and responding to malicious activity targeted at computing and network resources [1].
2. INTRUSION DETECTION SYSTEM
An intrusion detection system plays an important role in detecting malicious activities in computer and network systems. The following discusses the various terms related to intrusion detection.
A. Intrusion: It is an illegal act of entering, seizing or taking possession of another's property. It is any set of actions that threatens the integrity, confidentiality or availability of a network resource.
i) Data Integrity: It ensures that the information transmitted from the sender to the receiver is not modified during transmission, until it reaches the intended receiver. It maintains and assures the consistency and accuracy of the data during its transmission.
ii) Data Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipient should be able to access the content of a message.
iii) Data Availability: It states that resources (information) should be available to authorized parties at all times.
iv) Authentication: means the identity of a party is confirmed.
v) Non-repudiation: means the denial of integrity and authenticity of information is not possible.
B. Intrusion Detection: The process of analyzing and monitoring the events occurring in network traffic in order to detect suspicious activity is known as intrusion detection. It has emerged as an important field for network security.
C. Intrusion Detection System: It inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. It is software that automates the intrusion detection process.
There are basically 3 steps of IDS:
i) Monitoring and analyzing traffic
ii) Identifying Abnormal Activities
iii) Assessing Severity and Raising Alarm
In some cases, the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or
source IP Address from accessing the network.
Figure 1: Process of Intrusion Detection Systems
3. CLASSIFICATION OF INTRUSION DETECTION SYSTEM
Intrusion detection systems can be classified in various ways. This classification is based on data source, behavior, structure, how the system is protected and how intrusions are detected.
Approach based IDS: It is mainly classified into Anomaly and Misuse. Anomaly intrusion detection is also known as a behavior based system because it is associated with variations from user behaviour. It builds models of normal network behaviour (called profiles), which it uses to detect new patterns that significantly deviate from the profiles. It detects unwanted traffic that is unknown and is able to find new attacks.
The second approach, misuse detection, is also known as a signature based system because alarms are generated based on particular attack signatures. It searches for patterns of program or user behavior that match known intrusion scenarios, which are stored as signatures. Each of these techniques has its strengths and weaknesses.
Protection based IDS: It is classified according to the data source from which information is extracted. A host based IDS (HIDS) depends upon a single host or computer system on the network. It is implemented by placing a sensor on a particular computer system. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is sensed. On the other side, a network based IDS (NIDS) examines each and every node on the network under observation. However, the IDS available in the market are hybrids of NIDS and HIDS. A hybrid intrusion detection system has flexibility and it increases the security level. It combines IDS sensor locations and reports attacks that are aimed at particular segments or the entire network.
Architecture based IDS: An IDS can also be distributed or centralized. In a distributed IDS, a number of IDS are present on the network, where they communicate with each other or with a centrally located server, whereas an IDS can also be a standalone system.
Behavior based IDS: It is either active or passive. An active IDS detects and also prevents intrusions. On the opposite side, a passive IDS only detects intrusions. Hence an active IDS is also known as an IDPS.
Figure 2: Architecture of Intrusion Detection System
4. LITERATURE REVIEW
Meng Jianliang et al. (2009) presented the K-means algorithm for intrusion detection. Experimental results on a subset of the KDD-99 dataset showed the stability of the efficiency and accuracy of the algorithm. With different settings, the detection rate always stayed above 96% while the false alarm rate was below 2%. The time complexity is low.
Mohammadreza Ektela et al. (2010) used Support Vector Machine and classification tree data mining techniques for intrusion detection in networks. They compared C4.5 and Support Vector Machine experimentally and found that the C4.5 algorithm has better performance in terms of detection rate and false alarm rate than SVM, but for U2R attacks SVM performs better.
Song Naiping et al. (2010) studied intrusion detection based on data mining. Here, the types of IDS, namely misuse detection and anomaly detection, are described by the author along with the different data mining techniques that are used to build an IDS.
Z. Muda et al. (2011) proposed an IDS which produces a low false alarm rate and improves accuracy and detection rate. It is capable of correctly classifying the normal data type and also attack data types like Probe and DoS, but is not capable of correctly classifying U2R and R2L.
Ahmed Youssef et al. (2011) suggested that a combination of DM and NBA approaches may overcome the limitations in current IDS and lead to high-performance ones.
Gholam Reza Zargar and Tania Baghaie (2012) proposed a category-based selection of effective parameters for intrusion detection using Principal Components Analysis (PCA).
Susheel Kumar Tiwari and Mahendra Singh Sisodiai (2012) proposed a model of NIDS based on K-Means clustering via the Naive Bayes algorithm. The model builds the patterns of the network services over data sets labeled by the services. With the built patterns, the model detects attacks in the datasets using the k-means clustering via Naive Bayes classifier algorithm. Compared to the Naive Bayes approach, this approach achieves a higher detection rate. However, it generates a somewhat higher false positive rate.
Nadiammai et al. (2013) proposed the EDADT algorithm, which reduces the actual size of the dataset and helps the administrator to analyze the ongoing attacks efficiently with a lower false alarm rate. It gives better accuracy and reduces false alarm rates.
Rachna Kulhare and Divakar Singh (2013) proposed an IDS which reduces the training time and increases the detection accuracy, but at greater computational cost.
Yogita B. Bhavsar and Kalyani C. Waghmare (2013) proposed an IDS that has high accuracy but extensive training time.
Sandeep D et al. (2014) proposed a GA-based fuzzy class association rule mining with sub-attribute utilization and its application to classification, which can deal with discrete and continuous attributes at the same time. The method was applied to both misuse detection and anomaly detection, and experiments were performed with practical data provided by KDD99 Cup.
Harshit Saxena and Dr. Vineet Richariya (2014) proposed an IDS that has a good detection rate in the case of Denial of Service (DoS) attacks, but fails to achieve a good detection rate in the case of U2R and R2L attacks.
5. DATA MINING
It is the process of extracting implicit, previously unknown and potentially useful information from data.
Figure 3: Knowledge Discovery Process
Why are data mining techniques used?
i) Since the network traffic is large, analysis of the data is too hard.
ii) It ensures accuracy and efficiency in the detection process.
iii) It can detect both known and previously unknown patterns of attacks.
DATA SET: The data applied in the research comes from the NSL-KDD dataset. It is the newest version of the KDD dataset; it consists of selected records of the complete KDD data set and is publicly available for researchers. NSL-KDD solved the problem of the KDD dataset. The advantage of the NSL-KDD data set over the original KDD data set is that it does not include redundant records in the train set, so the classifiers will not be biased towards more frequent records. Each connection has 41 attributes describing different features of the connection and a label assigned to each, either as an attack type or as normal. The data set contains a total of 24 attack types (connections) that fall into 4 major categories: Denial of Service (DoS), Probe, User to Root (U2R), Remote to User (R2L). Each record is labeled either as normal or as an attack, with exactly one specific attack type.
6. DATA MINING TECHNIQUES FOR IDS
Different data mining techniques like classification, clustering, association rules, feature selection and prediction are widely used to acquire information about intrusions by observing network data.
Classification: It is a way to segment data by assigning it to groups that are already defined. The main goal of classification is to analyze new records and classify each as either normal or abnormal. Classification can be effective for both anomaly detection and misuse detection, but is mostly used for anomaly detection. Classification is also called supervised learning because it is directed by these labeled objects.
Different classification algorithms which are used in intrusion detection systems:
SVM: It is one of the most successful classification algorithms in the data mining area. It uses a high-dimensional space to find a hyperplane. It offers several kernel functions that the user can apply to solve different problems. The main goal of SVM is to find a linear optimal hyperplane so that the margin of separation between the 2 classes is maximized. SVM tries to achieve maximum separation between the classes.
Figure 4: Support Vector Machine
In SVM, a predictor variable is called an attribute, and a converted attribute that is used to describe the hyperplane is called a feature. The process of selecting the most suitable representation is called feature selection. SVM is popular because it is easy to use, it often has good generalization performance, and the same algorithm solves a variety of problems with little tuning.
Decision Tree: It is a classification technique in data mining for predictive models. It is a flowchart-like structure, where an internal node represents a test on an attribute, a branch represents an outcome of the test and a leaf node represents a class label. It uses a divide and conquer method for splitting the data and divides the data into their respective classes. It is very useful for large amounts of data and it provides high accuracy. A node of a decision tree specifies an attribute by which the data is to be partitioned. Each node has a number of edges, which are labeled according to a possible value of the attribute in the parent node. Nowadays, different enhanced versions of the decision tree algorithm are used for intrusion detection.
• ID3 Algorithm: ID3 is Iterative Dichotomiser 3. It is one of the famous inductive logic programming methods. It attempts to create the smallest possible decision tree.
• J48 Algorithm: J48 has additional features that were not dealt with in ID3. The changes improved by J48:
  - Missing values of attributes in the training data are handled.
  - Discrete and continuous value attributes are handled.
Neural Network: The term neural network was used to refer to a network of biological neurons. It is used both in anomaly intrusion detection and in misuse intrusion detection. For anomaly intrusion detection, neural networks were modeled to learn the typical characteristics of system users and identify statistically significant variations from the user's established behavior.
In misuse intrusion detection, the neural network would receive data from the network stream and analyze the information for instances of misuse.
Bayesian Network Based: It is a graphical model which contains a set of random variables and their conditional dependencies, in which each node represents a random variable and non-connected nodes represent variables which are independent of each other.
• Naïve Bayes Algorithm: The Naïve Bayes classifier uses Bayes' theorem to classify new instances of data. The Naïve Bayes classifier is a probabilistic classifier; it predicts the class according to membership probability.
Bayes Theorem: P(H|X) = P(X|H) · P(H) / P(X)
Where X is the data record, H is the hypothesis which represents data X, P(H) is the prior probability, P(H|X) is the probability of H conditioned on X and P(X|H) is the posterior probability of X conditioned on H.
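The Bayes computation above, worked through as an added example (not code from the paper): a categorical Naïve Bayes classifier that evaluates P(H|X) for each hypothesis H. The training records, the attribute values and the add-one smoothing are assumptions made for this illustration.

```python
from collections import Counter, defaultdict

# Constructed training records (not taken from NSL-KDD):
# X = (protocol, service, flag), H = class label.
TRAIN = [
    (("tcp", "http", "SF"), "normal"),
    (("tcp", "http", "SF"), "normal"),
    (("tcp", "smtp", "SF"), "normal"),
    (("udp", "domain", "SF"), "normal"),
    (("tcp", "private", "S0"), "attack"),
    (("tcp", "private", "S0"), "attack"),
    (("tcp", "http", "S0"), "attack"),
    (("icmp", "ecr_i", "SF"), "attack"),
]


def train(records):
    """Count what is needed for P(H) and for each P(x_i | H)."""
    class_counts = Counter(label for _, label in records)
    value_counts = defaultdict(Counter)   # (H, attribute index) -> value -> count
    domain = defaultdict(set)             # attribute index -> values seen in training
    for features, label in records:
        for i, value in enumerate(features):
            value_counts[(label, i)][value] += 1
            domain[i].add(value)
    return class_counts, value_counts, domain


def posterior(model, x):
    """Return {H: P(H|X)} using P(H|X) = P(X|H) * P(H) / P(X)."""
    class_counts, value_counts, domain = model
    total = sum(class_counts.values())
    joint = {}
    for h, n_h in class_counts.items():
        p = n_h / total                   # prior P(H)
        for i, value in enumerate(x):
            # Naive assumption: attributes are independent given H, so
            # P(X|H) is the product of the per-attribute P(x_i|H).
            # Add-one smoothing (an assumption of this example) keeps a value
            # never seen with H from forcing the whole product to zero.
            p *= (value_counts[(h, i)][value] + 1) / (n_h + len(domain[i]))
        joint[h] = p                      # P(X|H) * P(H)
    p_x = sum(joint.values())             # P(X), summed over all hypotheses
    return {h: p / p_x for h, p in joint.items()}


def classify(model, x):
    """Pick the hypothesis with the highest membership probability."""
    post = posterior(model, x)
    return max(post, key=post.get), post


if __name__ == "__main__":
    model = train(TRAIN)
    for x in [("tcp", "private", "S0"), ("tcp", "http", "SF"), ("udp", "ntp", "SF")]:
        label, post = classify(model, x)
        print(x, "->", label, {h: round(p, 3) for h, p in post.items()})
```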
K-Nearest Neighbor Algorithm: It is one of the simplest classification techniques, and a type of lazy learning. It simply stores the given training tuples and waits until it is given a test tuple. It is an instance based learner that classifies objects based on the closest training data. For a given unknown tuple, a k-nearest neighbor classifier searches the pattern space for the k training tuples that are closest to the unknown tuple. Here, the object is classified by a majority vote of its neighbors.
Clustering: Human labelling is expensive and time consuming in the case of classification, because the available network information is too large. So, clustering has attracted curiosity from researchers in the area of intrusion detection. Clustering means grouping data, or dividing a large dataset into smaller datasets of some similarity, without using a known structure of the data.
Different types of clustering techniques which are used in intrusion detection systems:
K-means Clustering Algorithm: In this clustering algorithm, the number of clusters is predefined; it is specified by the user. The K-means algorithm creates clusters by determining a central mean of each cluster. The algorithm starts by randomly selecting k entities as the means of the K clusters and randomly adds entities to each cluster. Then it recomputes the cluster means and reassigns each entity to the cluster to which it is most similar, based on the distance between the entity and the cluster mean. Then the mean is recomputed for each cluster, previous entities either stay or move to a different cluster, and one iteration completes. The algorithm iterates until there is no change in the means of the clusters.
K-medoids: Similar to K-means, K-medoids is also a clustering-by-partitioning algorithm, which attempts to minimize the distance between data points and their centroid. The most centrally located instance or data point is considered the centroid, in place of taking the mean value. This centrally situated object is called the medoid or reference point.
Fuzzy C-Means Clustering Algorithm: The Fuzzy C-Means (FCM) algorithm is one of the most widely used methods in fuzzy clustering. In fuzzy clustering each data point belongs to every cluster with some membership value, and the process of grouping is iterated till the membership values of each data point stop changing. It is a method of clustering which allows one piece of data to belong to 2 or more clusters.
Fuzzy Logic + K-Means Partition = Fuzzy C-Means
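The two partitioning styles described above, side by side, as an added example that is not code from the paper: K-means gives each record one cluster, while Fuzzy C-Means gives each record a membership in every cluster. The records, the fixed initial means and the fuzzifier m = 2 are assumptions chosen for this illustration.

```python
# Constructed, already-scaled connection features (not NSL-KDD data):
# (connections to the same host, error rate), both on a 0-10 scale.
POINTS = [
    (1.0, 1.0), (1.0, 2.0), (2.0, 1.0), (2.0, 2.0),   # ordinary traffic
    (8.0, 8.0), (8.0, 9.0), (9.0, 8.0), (9.0, 9.0),   # flood-like traffic
    (4.5, 4.0),                                        # borderline record
]
# The paper picks the initial means at random; fixed ones keep this run repeatable.
INITIAL = [POINTS[0], POINTS[4]]


def dist2(a, b):
    """Squared Euclidean distance."""
    return sum((x - y) ** 2 for x, y in zip(a, b))


def weighted_mean(points, weights):
    total = sum(weights)
    return tuple(sum(w * p[d] for p, w in zip(points, weights)) / total
                 for d in range(len(points[0])))


def kmeans(points, centers, max_iter=100):
    """Hard partition: every record belongs to exactly one cluster."""
    centers = list(centers)
    for _ in range(max_iter):
        assign = [min(range(len(centers)), key=lambda j: dist2(p, centers[j]))
                  for p in points]
        new_centers = []
        for j, old in enumerate(centers):
            members = [p for p, a in zip(points, assign) if a == j]
            # K-means can produce an empty cluster; keep its old mean if so.
            new_centers.append(weighted_mean(members, [1.0] * len(members))
                               if members else old)
        if new_centers == centers:        # no mean moved: converged
            break
        centers = new_centers
    return centers, assign


def fuzzy_c_means(points, centers, m=2.0, tol=1e-6, max_iter=200):
    """Soft partition: u[i][j] is the membership of record i in cluster j."""
    centers, c, u = list(centers), len(centers), None
    for _ in range(max_iter):
        new_u = []
        for p in points:
            d = [dist2(p, v) for v in centers]
            if 0.0 in d:                  # record sits exactly on a center
                hits = d.count(0.0)
                new_u.append([1.0 / hits if x == 0.0 else 0.0 for x in d])
            else:                         # d holds squared distances
                new_u.append([1.0 / sum((d[j] / d[k]) ** (1.0 / (m - 1.0))
                                        for k in range(c)) for j in range(c)])
        centers = [weighted_mean(points, [row[j] ** m for row in new_u])
                   for j in range(c)]
        # Stop when no membership value changes by more than tol.
        done = u is not None and max(abs(a - b) for r, s in zip(u, new_u)
                                     for a, b in zip(r, s)) < tol
        u = new_u
        if done:
            break
    return centers, u


if __name__ == "__main__":
    _, assign = kmeans(POINTS, INITIAL)
    _, u = fuzzy_c_means(POINTS, INITIAL)
    for p, a, row in zip(POINTS, assign, u):
        print(p, "k-means cluster:", a, "FCM memberships:", [round(x, 3) for x in row])
```

The borderline record is forced into one cluster by K-means, whereas its FCM memberships stay split between both clusters, which is the information an analyst can use to flag ambiguous traffic.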
Association Rule: Association rule mining finds interesting association or correlation relationships among a large set of data items, with massive amounts of data continuously being collected and stored. An association rule is expressed as X => Y, where X and Y each contain a set of attributes. This means that if a tuple satisfies X, it is also likely to satisfy Y.
The Apriori Algorithm: The name of the algorithm is based on the fact that the algorithm uses prior knowledge of frequent itemset properties.
• Apriori Property: All nonempty subsets of a frequent itemset must also be frequent.
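How the Apriori property prunes the search, as an added example that is not code from the paper: frequent itemsets are grown level by level over connection records, and rules X => Y are then read off with their support and confidence. The records and both thresholds are constructed for this illustration.

```python
from itertools import combinations

# Constructed connection records (not NSL-KDD data); each record is a set of
# attribute=value items.
RECORDS = [frozenset(r) for r in (
    {"proto=tcp", "service=private", "flag=S0"},
    {"proto=tcp", "service=private", "flag=S0"},
    {"proto=tcp", "service=private", "flag=S0"},
    {"proto=tcp", "service=http", "flag=SF"},
    {"proto=tcp", "service=http", "flag=SF"},
    {"proto=udp", "service=domain", "flag=SF"},
    {"proto=tcp", "service=smtp", "flag=SF"},
    {"proto=tcp", "service=http", "flag=S0"},
)]


def support(itemset, records):
    """Fraction of records that contain every item of the itemset."""
    return sum(itemset <= r for r in records) / len(records)


def apriori(records, min_support):
    """Return ({frequent itemset: support}, candidates pruned without a scan)."""
    items = {item for r in records for item in r}
    level = {frozenset([i]) for i in items
             if support(frozenset([i]), records) >= min_support}
    frequent, pruned, k = {}, 0, 1
    while level:
        frequent.update((s, support(s, records)) for s in level)
        k += 1
        # Join step: merge frequent (k-1)-itemsets into k-item candidates.
        candidates = {a | b for a in level for b in level if len(a | b) == k}
        # Prune step (Apriori property): a candidate with any infrequent
        # (k-1)-subset cannot be frequent, so it is dropped without a scan.
        kept = {c for c in candidates
                if all(frozenset(s) in level for s in combinations(c, k - 1))}
        pruned += len(candidates) - len(kept)
        level = {c for c in kept if support(c, records) >= min_support}
    return frequent, pruned


def rules(frequent, min_confidence):
    """Return rules X => Y as (X, Y, support, confidence)."""
    found = []
    for itemset, sup in frequent.items():
        for size in range(1, len(itemset)):
            for x in map(frozenset, combinations(sorted(itemset), size)):
                # Every subset of a frequent itemset is itself in `frequent`.
                confidence = sup / frequent[x]   # support(X and Y) / support(X)
                if confidence >= min_confidence:
                    found.append((x, itemset - x, sup, confidence))
    return found


if __name__ == "__main__":
    frequent, pruned = apriori(RECORDS, min_support=0.3)
    print(len(frequent), "frequent itemsets,", pruned, "candidates pruned")
    for x, y, sup, conf in rules(frequent, min_confidence=0.9):
        print(sorted(x), "=>", sorted(y), "support=%.3f confidence=%.2f" % (sup, conf))
```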
Feature Selection: The main idea in feature selection is to remove features with little or no predictive information from the original set of features of the audit data, to form a subset of appropriate features. Feature selection significantly reduces the computational complexity that results from using the full original feature set. It produces new attributes as linear combinations of existing attributes.
Prediction: It uses a model to predict a continuous or ordered value for a given input. It discovers the relationship between 1 or more independent variables and the relationship between dependent and independent variables. It is similar to the human learning experience.
7. PERFORMANCE MEASUREMENT OF IDS
Some of the factors used during performance measurement of an IDS:
True positive (TP): The total number of normal records that are detected as normal during the intrusion detection process.
True negative (TN): The number of records detected as abnormal that are actually abnormal in the dataset.
False positive (FP) / False alarm: The total number of records detected as normal that are actually attacks.
False negative (FN): The number of instances detected as abnormal that are in reality normal data.
Performance of an IDS is measured in terms of detection rate, accuracy and false alarm rate.
Confusion Matrix:
| Actual \ Predicted | 0 | 1 |
|---|---|---|
| 0 | TP | FN |
| 1 | FP | TN |
Detection Rate (DR) = (TP / (TP + FN)) x 100%
False Alarm Rate (FAR) = FP / Number of Attacks
Accuracy = ((TP + TN) / (TP + TN + FP + FN)) x 100%
Error = 100 - Accuracy
Recall (R) = TP / (TP + FN)
FNR = 1 - R = FN / (TP + FN)
Precision (P) = TP / (TP + FP)
Specificity = TN / (TN + FP)
FPR = 1 - Specificity = FP / (TN + FP)
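The measures above applied to the output of the k-nearest-neighbor classifier described in Section 6, as an added example that is not code from the paper. It follows this section's own convention, reading class 0 in the confusion matrix as normal so that TP counts normal records detected as normal; the records and k = 3 are constructed for this illustration.

```python
from collections import Counter

NORMAL, ATTACK = 0, 1   # class 0 is read as "normal", matching the TP definition

# Constructed, pre-scaled records (not NSL-KDD data): ((feature1, feature2), label)
TRAIN = [
    ((1, 1), NORMAL), ((2, 1), NORMAL), ((1, 2), NORMAL), ((2, 2), NORMAL), ((3, 2), NORMAL),
    ((8, 8), ATTACK), ((9, 8), ATTACK), ((8, 9), ATTACK), ((9, 9), ATTACK), ((7, 8), ATTACK),
]
TEST = [
    ((1.5, 1.5), NORMAL), ((2, 1.5), NORMAL), ((2.5, 2), NORMAL), ((1, 1.5), NORMAL),
    ((3, 3), NORMAL),
    ((7.5, 7), NORMAL),     # legitimate burst that resembles attack traffic
    ((8.5, 8.5), ATTACK), ((9, 9.5), ATTACK), ((7.5, 8.5), ATTACK),
    ((2.5, 1.5), ATTACK),   # low-rate attack that resembles normal traffic
]


def knn_predict(train, x, k=3):
    """Lazy learner: nothing is built in advance; stored tuples are ranked per query."""
    nearest = sorted(train,
                     key=lambda rec: sum((a - b) ** 2 for a, b in zip(rec[0], x)))[:k]
    votes = Counter(label for _, label in nearest)
    return votes.most_common(1)[0][0]      # majority vote of the k neighbours


def confusion(actual, predicted):
    """Cells in this section's layout: rows = actual 0/1, columns = predicted 0/1."""
    pairs = Counter(zip(actual, predicted))
    return (pairs[(NORMAL, NORMAL)], pairs[(NORMAL, ATTACK)],    # TP, FN
            pairs[(ATTACK, NORMAL)], pairs[(ATTACK, ATTACK)])    # FP, TN


def ratio(num, den):
    return num / den if den else 0.0       # a class may be absent from the test set


def metrics(tp, fn, fp, tn):
    accuracy = 100.0 * ratio(tp + tn, tp + tn + fp + fn)
    recall = ratio(tp, tp + fn)
    specificity = ratio(tn, tn + fp)
    return {
        "detection_rate_pct": 100.0 * recall,
        # Number of attacks = row "actual 1" of the matrix = FP + TN.
        "false_alarm_rate": ratio(fp, fp + tn),
        "accuracy_pct": accuracy,
        "error_pct": 100.0 - accuracy,
        "recall": recall,
        "fnr": 1.0 - recall,
        "precision": ratio(tp, tp + fp),
        "specificity": specificity,
        "fpr": 1.0 - specificity,
    }


def evaluate(train, test, k=3):
    actual = [label for _, label in test]
    predicted = [knn_predict(train, x, k) for x, _ in test]
    cells = confusion(actual, predicted)
    return cells, metrics(*cells)


if __name__ == "__main__":
    (tp, fn, fp, tn), m = evaluate(TRAIN, TEST)
    print("TP=%d FN=%d FP=%d TN=%d" % (tp, fn, fp, tn))
    for name, value in m.items():
        print("%-20s %.3f" % (name, value))
```

Under this convention an attack that is classified as normal lands in the FP cell, so the false alarm rate here measures attacks that slip through.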
8. CATEGORIES OF ATTACK
Attacks are grouped into the following four categories:
DoS - Denial of Service: Attackers disrupt a host or network service so that legitimate users cannot access the service on the target machine; that is, the attacker makes the memory too busy or too full to handle the requests. E.g., the types of attack that come under DoS are back, land, Neptune, pod, smurf, teardrop etc.
R2L - Remote-to-Local: It is an attack in which the attacker sends packets to a machine over a network but does not have an account on that machine. E.g., R2L attacks are xterm, ftp-write, guess_password, imap, sendmail, phf etc.
U2R - User to Root: It is an attack in which the attacker tries to access the normal user account. E.g., U2R attacks are buffer_overflow, sqlattack, perl, ps, Rootkit etc.
Probes - Surveillance and Probing: It is a category of attacks where an attacker examines a network to discover well-known vulnerabilities and gather information about the network of computers of the target machine. These network investigations are reasonably valuable for an attacker who is planning an attack in the future. E.g., probes are mscan, saint, satan, portsweep etc.
Table 1: Simulated attacks are grouped into four categories
9. PERFORMANCE ANALYSIS
Table 2: Theoretical comparison of different data mining techniques
| S.No | TYPE | METHOD | KEY FEATURE | ADVANTAGE | DISADVANTAGE |
|---|---|---|---|---|---|
| 1 | Classification | 1. SVM; 2. Decision Tree Induction; 3. Neural Network; 4. Bayesian Network Based; 5. K-Nearest Neighbour | Most commonly used technique for predicting a specific outcome such as response/no response, high/medium/low value customer, likely to buy/not buy. | 1. This method can be effective for both anomaly detection and misuse detection but is mostly used for anomaly detection. 2. It is the most widely used method of data mining in health care organizations. | 1. This technique is less efficient than the clustering technique. 2. It has a high rate of false alarms. |
| 2 | Clustering | 1. K-Means; 2. k-Medoids; 5. Fuzzy C-Means | Useful for exploring data and finding natural groupings. | 1. Able to detect intrusions in the audit data without known signatures of intrusions. 2. It is very fast to compute on the database. | 1. It suffers from the fact that once a merge or split is committed, it can't be undone or refined. 2. Clustering is performed not so much to keep records together as to make it easier to see when one record sticks out from the rest. |
| 3 | Association Rule | 1. Apriori Algo | Finds rules associated with frequently co-occurring items; used for market basket analysis, cross-sell and root cause analysis; useful for product bundling in store placement and defect analysis. | 1. More accurate than classification. 2. Represents patterns in data without a specified target variable. | 1. It can't be useful if the information does not provide support, and confidence of rule are correct. 2. Association rules do not show reasonable patterns with a dependent variable and can't reduce the number of independent variables by removing. |
| 4 | Feature Selection | | Produces new attributes as linear combinations of existing attributes. | 1. Shorter training time. 2. Removes irrelevant, redundant or noisy data. | 1. Low prediction accuracy. |
| 5 | Prediction | | Uses a model to predict a continuous or ordered value for a given input. | 1. It captures repetitive patterns. 2. Helps automate activities. | 1. There is no best prediction approach. 2. Optimal prediction is a very hard problem and is not yet solved. |
Table 3: Theoretical comparison of different classification techniques
Table 4: Comparative chart of different classification techniques
Table 5: Comparative chart of clustering techniques
| CRITERIA | K-MEAN | FUZZY C-MEAN |
|---|---|---|
| Input | Number of clusters K such that K<M. Set of data items (X1, X2, ..., Xm) | Number of clusters C such that C<M. Set of data items (X1, X2, ..., Xm). Set of cluster centers (V1, V2, ..., Vc) |
| Output | Set of K clusters where each cluster has similar items. | Set of C clusters where each cluster has more similar items. |
| Membership Value | Does not exist | Has a membership value 'µij' |
| Computation Time | Simple and straightforward, requires less time | Involves the calculation of several formulas, so requires more time. |
| Purity of Cluster | Low | High |
| Empty Cluster Generation | May or may not generate | No |
| Efficiency | Works well for small datasets. | Works well for small as well as large datasets. |
| Number of Clusters an Item Belongs | One | One or more than one cluster |
| Overall Performance | Depends on initial no. of clusters K | Depends on initial no. of clusters C |
| Shape of Cluster | Works well for compact and globular clusters | Works well for both globular and non-globular clusters |
| Detection Rate | Highest | High |
| False +ve Rate | Lowest | Lower |
10. CONCLUSION AND FUTURE SCOPE
Nowadays, intrusion, which affects the security and privacy of the system, has become a major concern for many organizations. Hence, there is a need for a strong IDS which can detect novel attacks with high attack detection accuracy. Intrusion detection is an important but complex task for a computer system. Here, various methods for intrusion detection are studied and compared.
It is very difficult to conclude that a particular technique is best among all, since each technique has its own advantages, and also disadvantages, in comparison with other techniques of intrusion detection. Combining more than one data mining algorithm may be used to remove the disadvantages of one another. Thus a combined approach has to be taken while selecting a mode to implement an intrusion detection system. Combining a number of trained classifiers leads to better performance than any single classifier. On the basis of detection rate, accuracy, execution time and false alarm rate, the paper has analyzed different classification and clustering data mining techniques for intrusion detection. According to the given necessary parameters, the execution time of the support vector machine is less and it produces high accuracy with a smaller dataset, and the main advantage of Fuzzy C-Means clustering for intrusion detection is the high detection rate and lower false positive rate. It works well for small as well as large datasets. Although Fuzzy C-Means is an efficient technique, it is time consuming. The performance of intrusion detection systems can still be improved by combining the features of the Fuzzy C-Means clustering technique with the SVM technique, so that it reduces the time required by Fuzzy C-Means for the clustering process and also increases the detection rate and decreases the false positive rate, thereby making the intrusion detection system more accurate and effective.
For future directions, we would like to evaluate our work on the NSL-KDD dataset. Besides, we would also like to make real implementations of the hybrid algorithm to practically experiment with its effectiveness and apply it to real world intrusion detection problems.
ACKNOWLEDGEMENT
I give thanks to Almighty God for giving me an opportunity to do research, and wish to acknowledge Dr. Vijay Kumar Jha and Chandrasekhar Azad, both of Birla Institute of Technology, for explaining the details of their experiments, and for the suggestions and comments which really gave me the inspiration to do a comparative study of data mining techniques for intrusion detection system.
REFERENCES
[1] David Ndumiyana, Richard Gotora and Hilton Chikwiriro, "Data Mining Techniques in Intrusion Detection: Tightening Network Security", International Journal of Engineering Research & Technology (IJERT), Vol. 2, Issue 5, May 2013, ISSN: 2278-0181
[2] V. Jaiganesh, S. Mangayarkarasi, Dr. P. Sumathi, "Intrusion Detection Systems: A Survey and Analysis of Classification Techniques", International Journal of Advanced Research in Computer and Communication Engineering, Vol. 2, Issue 4, April 2013
[3] D. Asir Antony Gnana Singh, E. Jebamalar Leavline, "Data Mining in Network Security - Techniques & Tools: A Research Perspective", Journal of Theoretical and Applied Information Technology, 20th November 2013, Vol. 57, No. 2
[4] Ms. Radhika S. Landge, Mr. Avinash P. Wadhe, "Review of Various Intrusion Detection Techniques based on Data Mining approach", International Journal of Engineering Research and Applications (IJERA), ISSN: 2248-9622, Vol. 3, Issue 3, May-Jun 2013, pp. 430-435
[5] A. M. Chandrashekhar and K. Raghuveer, "Fortification of Hybrid Intrusion Detection System Using variants of neural networks and support vector machines", International Journal of Network Security & Its Applications (IJNSA), Vol. 5, No. 1, January 2013
[6] Reema Patel, Amit Thakkar, Amit Ganatra, "A Survey and Comparative Analysis of Data Mining Techniques for Network Intrusion Detection Systems", International Journal of Soft Computing and Engineering (IJCSE), ISSN: 2231-2307, Volume 2, Issue 1, March 2012
[7] Parekh S.P., Madan B.S. and Tugnayat R.M., "Approach for Intrusion Detection System using Data Mining", Journal of Data Mining and Knowledge Discovery, ISSN: 2229-6662 & ISSN: 2229-6670, Volume 3, Issue 2, 2012, pp. 83-87
[8] Guang-Bin Huang, Dian Hui Wang and Yuan Lan, "Extreme learning machines: a survey", Published: 25 May 2011, Springer-Verlag, 2011.
[9] E. Kesavulu Reddy, Member IAENG, V. Naveen Reddy, P. Govinda Rajulu, "A Study of Intrusion Detection in Data Mining", Vol. III, WCE 2011, July 6-8, 2011, London, U.K.