Comparative analysis of classification techniques in network based intrusion detection systems

Abstract

An Intrusion Detection System (IDS) monitors system events and examines log files in order to detect security problems. In this paper, we analyze classification algorithms, specifically entropy-based classification, the Naïve Bayes classifier, and J48, using the KDD-Cup'99 dataset to detect different types of attacks. The KDD-Cup'99 dataset is a standard dataset for evaluating this type of classification technique. In the KDD-Cup'99 dataset, each instance corresponds to either an attack or a normal connection. The dataset contains four main types of attack, namely DoS, U2R, R2L and Probe, and each of these four types has attack subcategories. In this paper, we carry out simulations on the KDD-Cup'99 dataset for all four types of attacks and their subcategories. The back, land, neptune, pod, smurf and teardrop attacks belong to DoS; rootkit, perl, loadmodule and buffer-overflow belong to U2R; ftp-write, spy, phf, guess-passwd, imap, warezclient, warezmaster and multihop belong to R2L; and ipsweep, nmap, portsweep and satan belong to Probe. The simulation results show that the entropy-based classification algorithm gives a higher detection rate and accuracy for normal instances than the J48 and Naïve Bayes classifiers.
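The abstract names the attack subcategories that make up the four KDD-Cup'99 categories and states that an entropy-based classifier is compared against J48 and Naïve Bayes, but does not show what "entropy-based" means in practice. The following Python is an added illustration, not code from the paper or its authors: it collapses KDD-Cup'99 labels into the four categories listed in the abstract, computes Shannon entropy and information gain over a handful of constructed connection records (the feature names `protocol_type`, `service` and `flag` are real KDD-Cup'99 symbolic features, but the records and their values are constructed here, not taken from the dataset), and builds the one-level split that a decision-tree learner such as J48 would choose at its root. The functions `entropy`, `information_gain`, `best_split_feature`, `one_rule_classifier` and `accuracy` are names chosen for this example.

```python
"""Entropy and information gain over a constructed KDD-Cup'99-style sample.

Added illustration, not the paper's code. The connection records below are
constructed for the example; the label-to-category mapping follows the
abstract's list of attack subcategories.
"""
from collections import Counter
from math import log2

# Attack subcategory -> top-level category, as listed in the abstract.
# KDD-Cup'99 labels carry a trailing "." (e.g. "neptune."), stripped in to_category.
ATTACK_CATEGORY = {
    **dict.fromkeys(("back", "land", "neptune", "pod", "smurf", "teardrop"), "dos"),
    **dict.fromkeys(("rootkit", "perl", "loadmodule", "buffer_overflow"), "u2r"),
    **dict.fromkeys(("ftp_write", "spy", "phf", "guess_passwd", "imap",
                     "warezclient", "warezmaster", "multihop"), "r2l"),
    **dict.fromkeys(("ipsweep", "nmap", "portsweep", "satan"), "probe"),
    "normal": "normal",
}


def to_category(label: str) -> str:
    """Collapse a KDD-Cup'99 label such as 'neptune.' into one of the four
    attack categories or 'normal'."""
    return ATTACK_CATEGORY[label.rstrip(".").lower()]


# Constructed records: (symbolic features, KDD-style label). Real KDD records
# have 41 features; three symbolic ones are enough to show the computation.
RECORDS = [
    ({"protocol_type": "tcp",  "service": "http",     "flag": "SF"},  "normal."),
    ({"protocol_type": "tcp",  "service": "http",     "flag": "SF"},  "normal."),
    ({"protocol_type": "tcp",  "service": "private",  "flag": "S0"},  "neptune."),
    ({"protocol_type": "tcp",  "service": "private",  "flag": "S0"},  "neptune."),
    ({"protocol_type": "icmp", "service": "ecr_i",    "flag": "SF"},  "smurf."),
    ({"protocol_type": "tcp",  "service": "private",  "flag": "REJ"}, "portsweep."),
    ({"protocol_type": "tcp",  "service": "ftp_data", "flag": "SF"},  "warezclient."),
    ({"protocol_type": "tcp",  "service": "telnet",   "flag": "SF"},  "buffer_overflow."),
]


def entropy(labels):
    """Shannon entropy H = -sum p_i * log2(p_i) of a list of labels; 0.0 when pure."""
    n = len(labels)
    return -sum((c / n) * log2(c / n) for c in Counter(labels).values())


def _partition(records, feature):
    """Group the category labels of the records by the value of one feature."""
    by_value = {}
    for feats, lbl in records:
        by_value.setdefault(feats[feature], []).append(to_category(lbl))
    return by_value


def information_gain(records, feature):
    """IG = H(category) - sum_v |S_v|/|S| * H(category | feature = v)."""
    cats = [to_category(lbl) for _, lbl in records]
    remainder = sum(len(sub) / len(records) * entropy(sub)
                    for sub in _partition(records, feature).values())
    return entropy(cats) - remainder


def best_split_feature(records):
    """The feature an entropy-based tree learner would split on first."""
    return max(records[0][0].keys(), key=lambda f: information_gain(records, f))


def one_rule_classifier(records, feature):
    """Majority category per feature value: the root-level decision of the tree."""
    return {v: Counter(cats).most_common(1)[0][0]
            for v, cats in _partition(records, feature).items()}


def accuracy(records, feature, rule):
    """Fraction of records whose rule prediction matches their true category."""
    hits = sum(rule.get(feats[feature]) == to_category(lbl) for feats, lbl in records)
    return hits / len(records)


if __name__ == "__main__":
    for f in ("protocol_type", "service", "flag"):
        print(f"information gain of {f}: {information_gain(RECORDS, f):.3f}")
    best = best_split_feature(RECORDS)
    rule = one_rule_classifier(RECORDS, best)
    print(f"root split on {best}: {rule}")
    print(f"training accuracy: {accuracy(RECORDS, best, rule):.3f}")
```

On this constructed sample the `service` feature gives the largest information gain, so a single split on it already separates the `normal` connections from the attack categories, which is the kind of per-class detection rate the abstract reports; J48 and the entropy-based method differ in how they continue splitting below the root, not in this first step.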

Cite (APA)

Gautam, S. K., & Om, H. (2017). Comparative analysis of classification techniques in network based intrusion detection systems. In Advances in Intelligent Systems and Computing (Vol. 458, pp. 591–601). Springer Verlag. https://doi.org/10.1007/978-981-10-2035-3_60
