In spite of increasing trends in information technology globally, security has remained a challenging issue for computer networks. Intrusion detection systems have been a central topic of study for several researchers, with studies particularly revolving around how an IDS based on data mining methods can be an effective strategy. The survey conducted in the paper “Intrusion Detection System with Data Mining Approach: A Review” is intended to clarify the various problem definitions associated with network intrusion detection and the specific obstacles seen in this field of research. The paper also deals with the varying assumptions and heuristics that form the basis of the various approaches. The article successfully demonstrates a problem in network intrusion detection systems, namely that log files are usually large in scale and high in dimension, and describes the need to develop new and advanced techniques for processing these large data sources. Moreover, it illustrates that the data handled by an IDS is subject to concept drift and must be handled by advanced methods (Khalilian et al. 31). Another highlight of the paper is efficiency in terms of accuracy, which is among the most vital measurements and is determined in particular by the ratio of false positive and false negative alarms. This calls for the design of efficient algorithms that scan the data and extract the hidden patterns within it in a single pass. The paper discusses the two primary approaches to intrusion detection, namely signature-based methods for detecting attacks and malicious activities, and anomaly detection methods. When used in combination, these methods can help overcome most drawbacks, including evolving data, intrusion detection inaccuracy, space restrictions, etc. The paper also highlights the need for real-time identification of intrusions in networks, even though these systems are also helpful offline for eliminating weaknesses in network security (Khalilian et al. 29-34).
Further in this direction, the paper titled “A Novel Unsupervised Classification Approach for Network Anomaly Detection by K-Means Clustering and ID3 Decision Tree Learning Methods” presents an advanced combinatorial solution for the unsupervised classification of anomalous and normal activities in network ARP traffic. The authors discuss the ways in which the combination of two popular machine learning techniques, k-Means clustering and ID3 decision tree learning, can help in monitoring and controlling the behaviour and data flow of a computer network. First, the approach applies k-Means clustering to the normal training instances to partition them into k clusters by Euclidean distance similarity. An ID3 decision tree is then built on each cluster; it learns the structure of that sub-group and divides the decision space into smaller regions, which enhances classification performance. The paper then compares the proposed technique with the individual k-Means and ID3 techniques in terms of overall classification performance on five different performance criteria, and the findings reveal that the proposed method outperformed both the k-Means and the ID3 methods as well as the other solutions considered (Yasami et al. 231-245). Furthermore, it was confirmed that the performance of the Stochastic Learning Automata and Markovian chain-based methods is almost similar and lies between that of the suggested combinatorial k-Means + ID3 method and that of the separate k-Means and ID3 methods, on all five performance measures over the real network ARP traffic. However, the authors stress the need for further research to evaluate the performance of the proposed method against other combinatorial methods that can be devised with various clustering methods (Yasami et al. 231-245).
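The k-Means + ID3 scheme described above, as an added illustration rather than the code or data of Yasami and Mozaffari: k-Means (Euclidean distance) is run on the normal training instances to find the per-host traffic regimes, every labelled instance is then assigned to its nearest centroid, and a separate ID3 tree is grown for each cluster. The per-host ARP features (frames per second, distinct targets, unsolicited replies), the low/high cut points ID3 needs for categorical attributes, and the toy training set are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed per-host ARP features: (frames/sec, distinct targets, unsolicited replies);
# label 1 = anomalous.  Toy data, not the data set used by Yasami and Mozaffari.
TRAIN = [((2, 1, 0), 0), ((3, 2, 1), 0), ((4, 1, 0), 0), ((3, 18, 1), 1), ((2, 20, 0), 1),
         ((100, 19, 1), 0), ((105, 18, 0), 0), ((110, 20, 2), 0),
         ((102, 19, 18), 1), ((108, 20, 16), 1)]
CUTS = (50, 10, 10)  # assumed cut points: ID3 needs categorical attributes, so each feature becomes low/high

def nearest(p, cents):  # index of the centroid closest to p (squared Euclidean distance)
    return min(range(len(cents)), key=lambda i: sum((a - b) ** 2 for a, b in zip(p, cents[i])))

def kmeans(points, k, iters=20):  # Lloyd's k-Means; returns the k centroids
    cents = list(points[:k])
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, cents)].append(p)
        cents = [tuple(sum(c) / len(g) for c in zip(*g)) if g else cents[i] for i, g in enumerate(groups)]
    return cents

def entropy(labels):
    return -sum(c / len(labels) * math.log2(c / len(labels)) for c in Counter(labels).values())

def split(rows, a):  # partition (attributes, label) rows by the value of attribute a
    return {v: [r for r in rows if r[0][a] == v] for v in {r[0][a] for r in rows}}

def id3(rows, attrs):  # classic ID3: highest information gain attribute first, recurse per value
    labels = [y for _, y in rows]
    if len(set(labels)) == 1 or not attrs:
        return Counter(labels).most_common(1)[0][0]
    best = max(attrs, key=lambda a: entropy(labels) - sum(
        len(sub) / len(rows) * entropy([y for _, y in sub]) for sub in split(rows, a).values()))
    return {best: {v: id3(sub, [a for a in attrs if a != best]) for v, sub in split(rows, best).items()}}

def classify(tree, x, default=0):
    while isinstance(tree, dict):
        (a, branches), = tree.items()
        if x[a] not in branches:  # value never seen in this cluster: fall back to "normal"
            return default
        tree = branches[x[a]]
    return tree

def discretize(p):
    return tuple("high" if v > c else "low" for v, c in zip(p, CUTS))

def fit(data, k=2):  # cluster the normal instances, then grow one ID3 tree per cluster
    cents = kmeans([x for x, y in data if y == 0], k)
    groups = [[] for _ in range(k)]
    for x, y in data:  # every labelled instance joins its nearest cluster's training set
        groups[nearest(x, cents)].append((discretize(x), y))
    return cents, [id3(g, list(range(len(CUTS)))) if g else 0 for g in groups]

def predict(model, x):  # route the instance to its cluster, then apply that cluster's tree
    cents, trees = model
    return classify(trees[nearest(x, cents)], discretize(x))
```

On this toy set the two clusters end up with different trees: the low-rate cluster flags a host by its target count, while the high-rate cluster (where many targets is normal) flags it by unsolicited replies, which is the smaller-region effect the paragraph describes.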
Khalilian, Madjid, Norwati Mustapha, Md Nasir Sulaiman, and Ali Mamat. “Intrusion Detection System with Data Mining Approach: A Review”. Global Journal of Computer Science and Technology 11.1 (2011): 29-34. Print.
Yasami, Yasser, and Saadat Pour Mozaffari. “A Novel Unsupervised Classification Approach for Network Anomaly Detection by K-Means Clustering and ID3 Decision Tree Learning Methods”. The Journal of Supercomputing 53 (2010): 231-245. Print.