Network Intrusion Detection System Using Data Mining

  • Lídio Mauro Lima de Campos
  • Roberto Célio Limão de Oliveira
  • Mauro Roisenberg
Part of the Communications in Computer and Information Science book series (CCIS, volume 311)


The aim of this study is to simulate a network traffic analyzer that is part of an Intrusion Detection System - IDS, the main focus of research is data mining and for this type of application the steps that precede the data mining : data preparation (possibly involving cleaning data, data transformations, selecting subsets of records, data normalization) are considered fundamental for a good performance of the classifiers during the data mining stage. In this context, this paper discusses and presents as a contribution not only the classifiers that were used in the problem of intrusion detection, but also the initial stage of data preparation. Therefore, we tested the performance of three classifiers on the KDDCUP’99 benchmark intrusion detection dataset and selected the best classifiers. We initially tested a Decision Tree and a Neural Network using this dataset, suggesting improvements by reducing the number of attributes from 42 to 27 considering only two classes of detection, normal and intrusion. Finally, we tested the Decision Tree and Bayesian Network classifiers considering five classes of attack: Normal, DOS, U2R, R2L and Probing. The experimental results proved that the algorithms used achieved high detection rates (DR) and significant reduction of false positives (FP) for different types of network intrusions using limited computational resources.


Datamining Network Intrusion Detection System Decision Tree Neural Network Bayesian Network 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Stolfo, S.J., et al.: KDD cup 1999 data set. KDD repository. University of California, Irvine,
  2. 2.
    Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A taxonomy of computer program security flaws. ACM Comput. Surv. 26(3), 211–254 (1994)Google Scholar
  3. 3.
    Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.: A Detailed Analysis of the KDD CUP 99 Data Set. Submitted to Second IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA (2009)Google Scholar
  4. 4.
    Quinlan, J.: C4.5: Programs for Machine Learning. Morgan Kaufmann (1993)Google Scholar
  5. 5.
    John, G., Langley, P.: Estimating continuous distributions in Bayesian classifiers. In: Proceedings of the Eleventh Conference on Uncertainty in Artificial Intelligence, pp. 338–345 (1995)Google Scholar
  6. 6.
    Kohavi, R.: Scaling up the accuracy of naive-Bayes classifiers: A decision-tree hybrid. In: Proceedings of the Second International Conference on Knowledge Discovery and Data Mining, vol. 7 (1996)Google Scholar
  7. 7.
    Breiman, L.: Random Forests. Machine Learning 45(1), 5–32 (2001)Google Scholar
  8. 8.
    Aldous, D.: The continuum random tree. I. The Annals of Probability, 1–28 (1991)Google Scholar
  9. 9.
    Ruck, D., Rogers, S., Kabrisky, M., Oxley, M., Suter, B.: The multilayer perceptron as an approximation to a Bayes optimaldiscriminant function. IEEE Transactions on Neural Networks 1(4), 296–298 (1990)Google Scholar
  10. 10.
    Chang, C., Lin, C.: LIBSVM: a library for support vector machines (2001), Software available at
  11. 11.
    Waikato environment for knowledge analysis (weka) version 3.5.7 (June 2008),
  12. 12.
    Farid, D.M., Harbi, N., Rahman, M.Z.: Combining naive Bayes and Decision Tree for adaptative Intrusion Detection. International Journal of Network Security & Its Applications (IJNSA) 2(2) (April 2010)Google Scholar
  13. 13.
  14. 14.
    Panda, M., Patra, M.R.: Network intrusion detection using naive bayes. IJCSNS (2006)Google Scholar
  15. 15.
    Faroun, K.M., Boukelif, A.: Neural network learning improvement using k-means clustering algorithm to detect network intrusions. IJCI (2006)Google Scholar
  16. 16.
    Gaddam, S.R., Phoha, V.V., Balagani, K.S.: Means+id3 a novel method for supervised anomaly detection by cascading k-means clustering and id3 decision tree learning methods. IEEE Transactions on Knowledge and Data Engineering (2007)Google Scholar
  17. 17.
    Wasniowski, R.: Multi-sensor agent-based intrusion detection system. In: Proc. of the 2nd Annual Conference on Information Security, Kennesaw, Georgia, pp. 100–103 (2005)Google Scholar
  18. 18.
    Chen, R.C., Chen, S.P.: Intrusion detection using a hybrid support vector machine based on entropy and TF-IDF. International Journal of Innovative Computing, Information, and Control (IJICIC) 4(2), 413–424 (2008)Google Scholar
  19. 19.
    Alvarez, G., Petrovic, S.: A new taxonomy of web attacks suitable for efficient encoding. Computers and Security 22(5), 435–449 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Lídio Mauro Lima de Campos
    • 1
  • Roberto Célio Limão de Oliveira
    • 1
  • Mauro Roisenberg
    • 1
  1. 1.Universidade Federal do Pará - UFPACastanhalBrasil

Personalised recommendations