Ashaba Anthony Arthur
Project / Thesis:
A Rule Induction Attribution Selection Algorithm for Intrusion Detection Systems
Year of Completion:
Student / Candidate Level
Increased dependence on the internet has propelled the growth of threats that have resulted into losses due to unauthorized access to information. While is important to prevent unauthorized access to system resources, completely preventing security breaches is unrealistic. Intrusion Detection Systems (IDS) have become an essential component of computer security to detect attacks that occur despite the best preventive measures. Intrusion detection seeks distinctive features between the normal data and intrusive activities based on the behavior of users, networks or computer systems. However, IDS has someshortfallsasitisdependentonfeaturesthatarechosenbasedontheexpert’sguess, experience and knowledge, so one can not know whether these features are useful or not which normally results into generation of false alarms. To analyze data, data mining is integrated with IDS to identify useful information, hidden trends and associations from large bulk of information.
This research’s approach uses Rule Induction technique of data mining to remove redundant or irrelevant attributes thereby enhancing the accuracy of Intrusion Detection Systemsandspeedingupthecomputationtimetherebyreducingthenumberoffalsealarms.
ForeﬀectivegeneralizationofRuleInductionAttributionSelection(RIAS),thealgorithm was tested on Knowledge Discovery in Database(KDD) Cup 99 data set. RIAS was evaluatedagainstRepeatedIncrementalPruningtoProduceErrorReduction(RIPPER) algorithm, results of the two algorithms were compared and found that as much as the accuracy results for RIAS were high, the computation time of RIAS is not as good as that of RIPPER. Clustering based on weighted support was applied to a dataset with attributesremovedandthewholedatasetandresultsshowedthattheclusteringaccuracy
ofthedatasetwithremovedattributeswasbetterthanthatofthewholedatasetimplying that RIAS algorithm is eﬀective.