Use of the internet has become almost indispensable for information transactions and communication among people in various sections of society. However, as the network grows, secure communication has become more vulnerable to threats from unknown sources, and the need for secure information sharing has assumed greater importance. Various types of threats can be monitored by designing effective intrusion detection systems that provide security to the network. In this paper we propose a new framework, based on a hybrid intrusion detection system, that handles known and unknown attacks efficiently. The framework can detect intrusions in a real-time environment from the link layer. This is achieved by combining a rule base with appropriate clustering techniques for both supervised and unsupervised data. Known attack patterns are identified by the misuse detection system using the rule base, and new attacks are identified by anomaly detection using clustering techniques. New attacks are then added to the rule base using knowledge from an expert database, which improved the efficiency of the system. The detection rate of the hybrid system was found to increase as the percentage of unknown attacks increases, whereas the detection rate of misuse detection was found to decrease and that of anomaly detection to remain constant.