Intrusion Detection Using Data Mining

Prof. (Dr.) Sunil Kumar Khatri
Director, AIIT, Amity University Uttar Pradesh, Noida, India

sunilkkhatri@gmail.com, ProfSunil.K.Khatri@ieee.org

Intrusions are activities that violate the security policy of a system. Intrusion detection is the process used to identify intrusions. An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activity or policy violations and produces reports to a management station. Based on the source of the audit information each IDS uses, IDSs may be classified into:

·         Host-based IDS: gets audit data from host audit trails and detects attacks against a single host.

·         Distributed IDS: gathers audit data from multiple hosts, and possibly from the network that connects them, and detects attacks involving multiple hosts.

·         Network-based IDS: uses network traffic as the audit data source, relieving the burden on hosts that usually provide normal computing services, and detects attacks from the network.

Intrusion detection techniques are classified as:

·         Misuse detection: catches intrusions in terms of the characteristics of known attacks or system vulnerabilities. It extracts features from known intrusions and integrates human knowledge. The rules are pre-defined; however, this has the disadvantage that it cannot detect novel or unknown attacks.

·         Anomaly detection: detects any action that significantly deviates from normal behaviour. It is sometimes assumed that the training audit data does not include intrusion data. Any action that significantly deviates from normal behaviour is considered an intrusion. This has the disadvantage that when noise (intrusion) data is present in the training data, it will misclassify.
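The two techniques and their two stated disadvantages, as an added illustration that is not part of the abstract: pre-defined misuse rules beside a statistical normal-behaviour profile, both run over constructed connection records (the feature names, the rule and the z-score threshold are assumptions chosen for the demonstration, not from the talk).

```python
from statistics import mean, pstdev

# Constructed audit records (duration_s, bytes_sent, failed_logins); not real traffic.
NORMAL_TRAINING = [(12, 1500, 0), (10, 1200, 0), (15, 1800, 1),
                   (11, 1300, 0), (14, 1700, 0), (9, 1100, 0)]
KNOWN_BRUTE_FORCE = (5, 300, 20)     # matches a pre-defined misuse rule
NOVEL_EXFILTRATION = (13, 90000, 0)  # no rule exists for this behaviour

# Misuse detection: pre-defined rules encoding human knowledge of known attacks.
MISUSE_RULES = {"brute_force_login": lambda rec: rec[2] >= 10}

def misuse_detect(record):
    """Return the names of known-attack rules the record matches ([] = not detected)."""
    return [name for name, rule in MISUSE_RULES.items() if rule(record)]

# Anomaly detection: a statistical profile of "normal" built from training audit data.
def build_profile(training):
    """Per-feature (mean, population std-dev) of the training records."""
    return [(mean(col), pstdev(col) or 1.0) for col in zip(*training)]

def anomaly_score(profile, record):
    """Largest per-feature z-score: how far the record sits from the normal profile."""
    return max(abs(x - mu) / sd for x, (mu, sd) in zip(record, profile))

def anomaly_detect(profile, record, threshold=3.0):
    """Flag the record when any feature deviates more than `threshold` std-devs."""
    return anomaly_score(profile, record) > threshold

def compare(training, record):
    """Verdict of both techniques for one record, given the anomaly training set."""
    return {"misuse": bool(misuse_detect(record)),
            "anomaly": anomaly_detect(build_profile(training), record)}

if __name__ == "__main__":
    # Disadvantage of misuse detection: the novel attack matches no rule, so only
    # the anomaly detector (trained on clean data) flags it.
    print(compare(NORMAL_TRAINING, KNOWN_BRUTE_FORCE))   # both True
    print(compare(NORMAL_TRAINING, NOVEL_EXFILTRATION))  # misuse False, anomaly True
    # Disadvantage of anomaly detection: when intrusion records pollute the training
    # data, the profile absorbs them and the same attack is no longer anomalous.
    polluted = NORMAL_TRAINING + [NOVEL_EXFILTRATION, (12, 85000, 0)]
    print(compare(polluted, NOVEL_EXFILTRATION))         # misuse False, anomaly False
```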

Data mining has found wide application over the last two decades, and network security has not been left untouched. The talk will focus on applying classification and association rule mining for anomaly-based intrusion detection in networks.

Prof. (Dr.) Sunil Kumar Khatri is Director of the Amity Institute of Information Technology, Amity University, Noida, India. He is a Fellow of IETE, Sr. Member of IACSIT, Sr. Life Member of CSI, Sr. Member of IEEE, USA and Member of IAENG, Hong Kong. He is Vice-Chairman of the CSI Noida Chapter, Secretary of SREQOM, Member of the IEEE UP Section (India) Executive Committee and Honorary Member of the Governing Council of the Delhi Chapter, 3E Innovative Foundation. He was conferred the “IT Innovation & Excellence Award for Contribution in the field of IT and Computer Science Education” by the Knowledge Resource Development & Welfare Group at IIT Delhi in 2012. He was also conferred the award for “Exceptional Leadership and Dedication in Research” during the 4th International Conference on Quality, Reliability and Infocom Technology in 2009. Dr. Sunil Kumar Khatri is Associate Editor of the International Journal of Systems Assurance Engineering and Management (IJSAEM), Springer Verlag, and serves on the editorial boards of several journals from India and abroad. He has edited three books and four special issues of international journals and has published several papers in international and national journals and proceedings. His areas of research are Software Reliability, Modeling and Optimization, Data Mining and Warehousing, Network Security, Soft Computing and Pattern Recognition, and he guides Ph.D. research scholars in these areas.