Abstract
Intrusion detection systems have become an important component of a network infrastructure
protection mechanism. There are generally two main methods or techniques in intrusion
detection: misuse detection and anomaly detection. While it is imperative for IDSs to be adaptive
and extensible in today’s network computing environment, a more systematic and automated
approach is required in building such systems. A data-centric point of view is taken to consider
intrusion detection as a data analysis process where data mining techniques can be applied. This
research focuses on the various data mining techniques for anomaly-based intrusion detection
systems. The key idea is to conduct a comparative study of several data mining techniques for
analysing large intrusion detection data sets. Evaluations are done using unsupervised anomaly
detection schemes on the DARPA’98 data sets and real network traffic. Unsupervised learning
is used both to detect novel attacks not seen before and because of the dynamic
nature of attack characteristics. In addition, the evaluation is to identify accuracy in detecting the
different types of network intrusions, covering both time-based and content-based attacks.
The detection performance is measured by detection accuracy and ROC (Receiver
Operating Characteristic) curves. Results from this evaluation shall lead to the proposal for an
anomaly intrusion detection model of an effective network intrusion detection system based on
the criteria of measurement.