Intrusion detection in computer networks based on KNN, K-Means++ and J48

Abstract

The diversification of web, desktop and mobile applications has made information security an issue in public and private organizations. Large amounts of data are generated by applications leading to many network requests that generate considerable volumes of traffic data that must be analyzed quickly and effectively to avoid unauthorized access. Analyzing these network data, it is possible to extract knowledge to detect if applications are experiencing instability on behalf of malicious users. Tools called IDS (Intrusion Detection System) are used to detect malicious accesses. An IDS can use different techniques to classify a network connection as intrusion or normal. This work analyses data mining algorithms that can be integrated into an IDS to detect intrusions. Experiments were conducted using the WEKA environment, the NSL-KDD dataset, the supervised algorithms KNN (K Nearest Neighbours) and J48, and the unsupervised algorithm K-means++.