A Rule Induction Attribution Selection Algorithm for Intrusion Detection Systems

Abstract

The high level of dependence of computer users on communication network infrastructures such as Internet and intranet is associated with increased level of threats to security resulting into outcomes such as interference to valid communication channels and loss of valuable information. Several network security tools have been developed over the past years, one being Intrusion Detection Systems (IDS). IDS use attributes to differentiate between normal and intrusive activities based on the behavior of users, networks or computer systems. However, with IDS, the expert’s guess, experience and knowledge are central when choosing the features for detection which often results to false alarms and insufficiency of the detection system. This study investigated the possibility of enhancing the performance of IDS using data mining techniques. This study proposed Rule Induction technique of data mining to remove redundant or irrelevant attributes of IDS thereby enhancing accuracy, speeding up the computation time and minimizing false alarms. For effective generalization of Rule Induction Attribution Selection (RIAS), the algorithm was tested on KDD Cup99 dataset. Accuracy results from RIAS (53.98) were higher than that of Repeated Incremental Pruning to Produce Error Reduction (RIPPER) (0.48) while RIAS’s (56121.53) computation time fell below that of RIPPER (902.47). The high accuracy results of RIAS indicate its capability to minimizing false alarms more than RIPPER. Clustering based on weighted support was applied to test the effectiveness of RIAS. Findings indicated that integrating data mining with IDS is effective in identifying useful information, hidden trends and associations from bulky of information.