A Study on Intrusion Detection System Using Datamining Techniques

 

Shabnam Chandrakar1, Harsha Verma2, Mrs. Rubi Kambo3

1,2Student, SoS in Computer Science & IT, Pt. Ravishankar Shukla University, Raipur, Chhattisgarh, India.

3Assistant Professor, SoS in Computer Science & IT, Pt. Ravishankar Shukla University,

Raipur, Chhattisgarh, India.

*Corresponding Author E-mail: shabnamchandrakar@gmail.com, vermaharsha795@gmail.com, Rubi.kambo7@gmail.com

 

ABSTRACT:

With the emergence of IT, dependency on the web and networks increases day by day, and the confidentiality, integrity and security of user data must be ensured while exchanging data. Because data may be harmed or attacked by an intruder, Intrusion Detection Systems (IDS) were developed. In this paper we study the data mining techniques that have been proposed earlier for building intrusion detection systems.

 

KEYWORDS: Attacks, Security, Data-mining, Intrusion detection system.

 


I. INTRODUCTION:

One of the main objectives of cyber security over a network is to protect our data or information. The main purpose of security is to maintain confidentiality, integrity and availability. Cyber security is the combination of processes and technology designed to protect networks, computers and information from attack, damage or unauthorized access. An attack is nothing but an unauthorized activity over the network; if we do not have any security plan to protect our data and network, then our network and information are exposed to the possibility of attack or harm, whether physical or logical. In other words, they are in an unsafe state. Some common types of attacks over networks are: eavesdropping, data modification, identity spoofing, password attacks, denial-of-service attacks, etc.

 

The people who perform this activity are intruders, that is, persons who try to gain unauthorized access to a system or network. The two major types of intruder are: first, the outside intruder (masquerader); second, the inside intruder (misfeasor).

 

An intrusion detection system is a device or software application that continuously monitors a system or network for malicious activity or policy violations. The main objective of an intrusion is to gain access or increase privileges. Any detected activity or violation is typically reported either to an administrator or collected centrally. For this purpose an IDS uses various data mining approaches or techniques.

 

Data mining refers to extracting or mining knowledge from large amounts of data; it is also known as knowledge discovery in databases (KDD). Some data mining techniques adopted by intrusion detection systems to monitor such activities or policies are classification, clustering, association rule mining, etc.

 

II. CLASSIFICATION OF INTRUSION DETECTION:

An intrusion detection system is a type of system or software which provides security to our computer system and also monitors network traffic for all types of hostile attack, whether originating from outside or inside the organization.

 

A. Network-based intrusion detection System:

A network-based intrusion detection system detects intrusions in which the intruder attacks the entire network. To control this type of intrusion, the NIDS uses a network adapter to listen to and analyze the packets travelling across the network. It is able to monitor a large network and is easy to fit into an existing network, but the system can become unstable and crash when attackers fragment their packets [1].

 

B. Host-based intrusion detection:

A host-based intrusion detection system monitors the logs generated by the host operating system or an application program; for this purpose it places sensors on network resources. This system is able to detect those intruders and local events which are not detected by a network-based IDS, but managing and configuring every individual system is difficult. One of the main differences between NIDS and HIDS is that a NIDS cannot inspect information that is encrypted while travelling through the network, whereas on a HIDS the encrypted traffic has already been decrypted and is available for processing [1].

 

C. Anomaly-based intrusion detection:

This technique is used in both NIDS and HIDS. It is based on patterns of normal behaviour and attempts to detect any type of malicious activity that falls outside the normal operation of the system. Compared with a signature-based system, it makes the IDS less dependent on the operating environment [2].

 

D. Signature-based intrusion detection:

In this technique attacks are detected by looking for specific patterns, such as a sequence of bytes in network traffic or a sequence of known malicious instructions used by malware. It can detect only known attacks and is unable to detect patterns that are not available in its database, and it is more dependent on the operating environment than anomaly-based detection [2].
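As an added illustration of the two detection styles described in C and D (this is example code written for this survey, not code from any of the reviewed papers), the following Python script runs a signature-based check and an anomaly-based check over the same constructed connection log. The log lines, the two signature patterns and the per-port byte-count baseline are all assumptions constructed for the example. It shows the trade-off stated above: the signature detector catches only the pattern it knows, while the anomaly detector catches the oversized transfer and the never-seen port but says nothing about the known pattern.

```python
"""Added example: a toy signature-based and a toy anomaly-based detector
run over the same constructed connection log (not code from the paper)."""
import re
import statistics
from collections import defaultdict

# Constructed "normal" training traffic (assumed baseline, not real data).
# Fields: time, source IP, destination port, bytes transferred, payload excerpt.
NORMAL_LOG = [
    "10:00:01 10.0.0.5 80 512 GET /index.html",
    "10:00:02 10.0.0.5 80 498 GET /about.html",
    "10:00:03 10.0.0.7 443 1024 TLS handshake",
    "10:00:04 10.0.0.5 80 530 GET /contact.html",
    "10:00:05 10.0.0.9 22 300 SSH-2.0-OpenSSH",
    "10:00:06 10.0.0.7 443 990 TLS handshake",
    "10:00:07 10.0.0.5 80 505 GET /news.html",
    "10:00:08 10.0.0.5 80 520 GET /login.html",
    "10:00:09 10.0.0.9 22 310 SSH-2.0-OpenSSH",
    "10:00:10 10.0.0.7 443 1010 TLS handshake",
    "10:00:11 10.0.0.5 80 510 GET /faq.html",
    "10:00:12 10.0.0.7 443 1000 TLS handshake",
]

# Constructed events to run both detectors over.
TEST_EVENTS = [
    "10:01:00 10.0.0.5 80 515 GET /../../etc/passwd",  # known pattern, normal size
    "10:01:01 10.0.0.5 80 9000 GET /upload.html",      # unknown pattern, abnormal size
    "10:01:02 10.0.0.12 3389 400 RDP negotiation",     # port never seen in training
    "10:01:03 10.0.0.7 443 1005 TLS handshake",        # ordinary traffic
]

# Signature rules, name -> pattern. Illustrative only, not a real IDS ruleset.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"(?i)'\s*or\s*'?1'?\s*=\s*'?1"),
}


def parse(line):
    """Split one log line into its five fields."""
    time, src, port, nbytes, payload = line.split(maxsplit=4)
    return {"time": time, "src": src, "port": int(port),
            "bytes": int(nbytes), "payload": payload}


def signature_alerts(event):
    """Signature-based check: match the payload against every known pattern."""
    return [name for name, pat in SIGNATURES.items() if pat.search(event["payload"])]


def build_baseline(lines):
    """Anomaly-based training: per-port mean and standard deviation of bytes."""
    per_port = defaultdict(list)
    for ev in map(parse, lines):
        per_port[ev["port"]].append(ev["bytes"])
    baseline = {}
    for port, sizes in per_port.items():
        sd = statistics.stdev(sizes) if len(sizes) > 1 else 0.0
        baseline[port] = (statistics.mean(sizes), sd or 1.0)  # avoid division by zero
    return baseline


def anomaly_alert(event, baseline, threshold=3.0):
    """Anomaly-based check: flag an unseen port or a byte count far from the baseline."""
    if event["port"] not in baseline:
        return f"unseen port {event['port']}"
    mean, sd = baseline[event["port"]]
    z = (event["bytes"] - mean) / sd
    if abs(z) > threshold:
        return f"bytes z-score {z:.1f} on port {event['port']}"
    return None


def run_detectors(lines, baseline):
    """Run both detectors over each line and collect what each one reports."""
    results = []
    for line in lines:
        ev = parse(line)
        results.append({"line": line,
                        "signatures": signature_alerts(ev),
                        "anomaly": anomaly_alert(ev, baseline)})
    return results


if __name__ == "__main__":
    base = build_baseline(NORMAL_LOG)
    for r in run_detectors(TEST_EVENTS, base):
        print(r["line"], "| signatures:", r["signatures"], "| anomaly:", r["anomaly"])
```

The z-score threshold and the choice of bytes-per-port as the profiled feature are deliberately simple; a production anomaly detector profiles many features, but the behaviour on the four test events is the same in kind: only the first event triggers a signature, only the second and third trigger the anomaly detector, and the fourth triggers nothing.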

 

III. LITERATURE REVIEW:

A. Anna Little et al. (2011):

According to this paper, the authors use the spectral clustering algorithm to learn the relevant features and signature patterns of attacks and to group attacks according to their features. The algorithm is sufficient to extract data from a database to recognize attacks, and with it the classification accuracy is high for DOS and U2R attacks but lower for Probe attacks. In future, more modification is needed to enhance the accuracy of classifying all types of attack, so that it can be considered the best classification algorithm for an intrusion detection system that classifies all types of attack arising from the day-to-day activity of computer users over the network [11].

 

B. Sheraz Naseer et al. (2018):

The aim of this paper is to investigate the suitability of deep learning approaches for anomaly-based intrusion detection. The authors use two models, a deep learning model and a convolutional neural network model. The experiments are performed on a GPU-based test bed, and the models are trained on the NSL-KDD training dataset. They also implemented conventional machine-learning IDS so as to compare the models with well-known classification techniques such as Extreme Learning Machine, k-NN and decision trees, and found that deep learning is not only successful but also an encouraging technology for security applications. As future work, the paper states that more investigation is needed into deep learning as a feature extraction tool for anomaly detection. It also found that the percentage of correct classification of J48 graft was higher than that of the BayesNet and naïve Bayes algorithms [9].

 

C. K. Raja, and M. Lilly Florence:

In this paper the authors discuss an IDS which is used for tracking intruders in a LAN. The IDS is based on the ID3 algorithm. The authors discuss entropy and information gain, which are the main mathematical concepts and computational terms of the decision tree algorithm. The data used for estimating the intruder are IP address, protocol and port number. They apply the decision tree algorithm to real-time data taken from an organization and conclude that port number or protocol is more suitable for taking the decision. As future scope for this IDS, the authors suggest extending the system to any type of network [10].
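The entropy and information gain computation described above, worked through in Python as an added example (this is code written for this survey, not the reviewed paper's implementation). The records, which carry the three attributes the paper names (IP address, protocol, port number) plus a constructed intruder label, are assumptions; the block ranks the attributes by information gain, grows the ID3 tree from them and classifies new connections with it.

```python
"""Added example: ID3 entropy / information gain over constructed connection
records with the attributes named in the paper (IP address, protocol, port).
Example code for this survey, not the reviewed paper's implementation."""
import math
from collections import Counter

ATTRIBUTES = ("src_ip", "protocol", "port")

# Constructed training records (assumed data): "label" says whether the
# connection was later confirmed to come from an intruder.
RECORDS = [
    {"src_ip": "10.0.0.5",  "protocol": "TCP", "port": "80",  "label": "no"},
    {"src_ip": "10.0.0.5",  "protocol": "TCP", "port": "443", "label": "no"},
    {"src_ip": "10.0.0.7",  "protocol": "UDP", "port": "53",  "label": "no"},
    {"src_ip": "10.0.0.9",  "protocol": "TCP", "port": "22",  "label": "yes"},
    {"src_ip": "10.0.0.9",  "protocol": "TCP", "port": "23",  "label": "yes"},
    {"src_ip": "10.0.0.7",  "protocol": "TCP", "port": "80",  "label": "no"},
    {"src_ip": "10.0.0.12", "protocol": "TCP", "port": "23",  "label": "yes"},
    {"src_ip": "10.0.0.12", "protocol": "UDP", "port": "53",  "label": "no"},
    {"src_ip": "10.0.0.12", "protocol": "TCP", "port": "22",  "label": "no"},
]


def entropy(rows):
    """H(S) = -sum_i p_i * log2(p_i) over the class labels present in rows."""
    counts = Counter(r["label"] for r in rows)
    n = len(rows)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def information_gain(rows, attr):
    """Gain(S, A) = H(S) - sum_v |S_v|/|S| * H(S_v), S_v = rows where A has value v."""
    n = len(rows)
    subsets = {}
    for r in rows:
        subsets.setdefault(r[attr], []).append(r)
    remainder = sum(len(s) / n * entropy(s) for s in subsets.values())
    return entropy(rows) - remainder


def id3(rows, attrs):
    """Grow the tree: a leaf is a label string, an inner node splits on the
    attribute with the highest information gain among those not yet used."""
    labels = Counter(r["label"] for r in rows)
    majority = labels.most_common(1)[0][0]
    if len(labels) == 1 or not attrs:
        return majority
    best = max(attrs, key=lambda a: information_gain(rows, a))
    node = {"attribute": best, "default": majority, "branches": {}}
    remaining = tuple(a for a in attrs if a != best)
    for value in sorted({r[best] for r in rows}):
        node["branches"][value] = id3([r for r in rows if r[best] == value], remaining)
    return node


def classify(tree, record):
    """Walk from the root; an attribute value never seen in training falls
    back to the majority label stored at that node."""
    while isinstance(tree, dict):
        tree = tree["branches"].get(record[tree["attribute"]], tree["default"])
    return tree


if __name__ == "__main__":
    print(f"H(S) = {entropy(RECORDS):.4f}")
    for a in ATTRIBUTES:
        print(f"Gain({a}) = {information_gain(RECORDS, a):.4f}")
    tree = id3(RECORDS, ATTRIBUTES)
    print("root split on:", tree["attribute"])
    print(classify(tree, {"src_ip": "10.0.0.9", "protocol": "TCP", "port": "22"}))
```

With these records the port number carries the most information (about 0.70 bits against about 0.61 for the IP address and 0.15 for the protocol), so the root splits on port; only the ambiguous port 22 needs a second split, on the source IP. The fallback in classify matters in practice: a decision tree trained on one organization's addresses will constantly see new IPs, which is the generalisation concern the authors raise as future scope.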

 

D. Cheung-Leung Lui et al. (2005):

The authors describe an agent-based technique that differentiates attack traffic and find that the strength of the agents in capturing the kind of network behaviour is directly proportional to the strength of the developed IDS. In using these agents to detect different types of attack, three data mining techniques are involved: clustering, association rules and sequential association rules. The proposed system, built from a number of agents, differs from others in both the training and the detection process; for these purposes clustering, association rules and sequential association rules are adopted. After training, the proposed system is able to detect anomalies by distinguishing new types of intrusion from normal traffic [7].

 

E. Ketan Sanjay Desale, Chandrakant Namdev Kumathekar (2015):

In this paper the authors discuss an IDS with high performance, because with the improvement of technology data will be streaming data, i.e. data that changes with time. From the security perspective, the paper discusses a mechanism to improve the efficiency of the IDS with the help of stream data mining techniques: the naïve Bayes algorithm, the Hoeffding tree algorithm, the Accuracy Updated Ensemble algorithm and the Accuracy Weighted Ensemble algorithm. Comparing their classification performance, the authors found that naïve Bayes and the Hoeffding tree give better results than the Accuracy Updated Ensemble and Accuracy Weighted Ensemble classifiers, which is much more important for stream-type data [6].

 

F. Mr. Mohit Tiwari, Raj Kumar, Akash Bharti, Jai Kishan (2017):

In this paper the authors present a study of intrusion detection systems and the need for them: with the growth of internet usage there is a high risk to our data from intruders. They discuss the techniques used by intruders, such as password cracking, peer-to-peer attacks and sniffing attacks. The paper categorizes IDS into two categories, network-based IDS and host-based IDS, and discusses IDS functions such as data collection, feature selection, analysis and action. An IDS mainly has three components: the sensor (activity or packet capture engine), the backend (event recording database and alerting engine) and the front end (user interface and commands). It also covers various types of attack that take place at the OSI layers, such as denial of service, distributed denial of service, SYN attacks, ping of death and eavesdropping, and the tools used as IDS, such as SNORT, OSSEC-HIDS and KISMET. The authors developed an IDS tool for research purposes named RAJ IDS; it is based on two models, a local model (when you have just one system to monitor) and a client-server model (for centralized monitoring). They also discuss its components and include all the points needed for a highly secure IDS [2].

 

G. Muamer N. Mohammada, Norrozila Sulaimana, Osama Abdulkarim Muhsin (2010):

In this paper the authors deal with an approach that makes a better IDS; the approach depends on data mining and an expert system and is implemented in Weka. Weka is a collection of machine learning algorithms that provides tools which automatically perform data mining tasks. The authors propose an algorithm based on the combination of data mining and an expert system. It gives a better, more efficient and reliable intrusion detection system and also solves the problems that occur with traditional systems: “The IDS for the anomaly detection need firstly learn the characteristics of normal activities and abnormal activities and then the IDS which detect traffics that deviate from normal activities”. The detection rate of the proposed algorithm is calculated in terms of min_support and min_confidence, and the result is that the detection rate of the proposed algorithm is relatively higher and faster than that of Signature Apriori. Recently this has become a popular research topic in the fields of network security and artificial intelligence [3].
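The association-rule stage of the agent-based system in D and the min_support / min_confidence thresholds used here in G are both instances of Apriori-style rule mining. The Python block below is an added example written for this survey (not code from either paper): it mines frequent itemsets and rules from constructed connection records, turns the rules whose consequent is the attack label into a detector, and reports the detection rate and false positive rate that result, so the effect of the two thresholds can be seen directly. The records, item names and threshold values are constructed assumptions.

```python
"""Added example: Apriori-style association rule mining with min_support and
min_confidence over constructed connection records (not the paper's code)."""
from itertools import combinations

# Constructed connection records (assumed data, not from any reviewed paper):
# each record is the set of attribute=value items describing one connection.
TRANSACTIONS = [
    {"proto=tcp", "service=http", "flag=SF", "class=normal"},
    {"proto=tcp", "service=http", "flag=SF", "class=normal"},
    {"proto=tcp", "service=http", "flag=SF", "class=normal"},
    {"proto=udp", "service=dns", "flag=SF", "class=normal"},
    {"proto=tcp", "service=telnet", "flag=S0", "class=attack"},
    {"proto=tcp", "service=telnet", "flag=S0", "class=attack"},
    {"proto=tcp", "service=http", "flag=S0", "class=attack"},
    {"proto=tcp", "service=ssh", "flag=SF", "class=normal"},
]


def support(itemset, transactions):
    """Fraction of records that contain every item of the itemset."""
    return sum(1 for t in transactions if itemset <= t) / len(transactions)


def frequent_itemsets(transactions, min_support):
    """Apriori: grow itemsets level by level, keeping those with support >= min_support."""
    frequent = {}  # frozenset -> support
    level = {frozenset([item]) for t in transactions for item in t}
    level = {s for s in level if support(s, transactions) >= min_support}
    k = 1
    while level:
        for s in level:
            frequent[s] = support(s, transactions)
        # Join step: candidates of size k+1 from pairs of frequent k-itemsets.
        candidates = {a | b for a in level for b in level if len(a | b) == k + 1}
        # Prune step: every k-subset must itself be frequent (downward closure).
        level = {c for c in candidates
                 if all(frozenset(sub) in frequent for sub in combinations(c, k))
                 and support(c, transactions) >= min_support}
        k += 1
    return frequent


def association_rules(frequent, min_confidence):
    """Rules X -> Y from each frequent itemset, kept when confidence >= min_confidence.
    confidence(X -> Y) = support(X u Y) / support(X)."""
    rules = []
    for itemset, sup in frequent.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for antecedent in combinations(itemset, r):
                antecedent = frozenset(antecedent)
                confidence = sup / frequent[antecedent]
                if confidence >= min_confidence:
                    rules.append((antecedent, itemset - antecedent, sup, confidence))
    return rules


def attack_rules(rules, target="class=attack"):
    """Antecedents of rules whose consequent is exactly the attack label."""
    return [ante for ante, cons, _, _ in rules if cons == {target}]


def detection_rates(rules, transactions, target="class=attack"):
    """Use the attack rules as a detector on the class-stripped records.
    DR = flagged attacks / attacks; FPR = flagged normals / normals."""
    antecedents = attack_rules(rules, target)
    flagged, is_attack = [], []
    for t in transactions:
        features = {i for i in t if not i.startswith("class=")}
        flagged.append(any(a <= features for a in antecedents))
        is_attack.append(target in t)
    attacks = [f for f, a in zip(flagged, is_attack) if a]
    normals = [f for f, a in zip(flagged, is_attack) if not a]
    return sum(attacks) / len(attacks), sum(normals) / len(normals)


if __name__ == "__main__":
    for min_sup in (0.25, 0.5):
        rules = association_rules(frequent_itemsets(TRANSACTIONS, min_sup), 0.8)
        dr, fpr = detection_rates(rules, TRANSACTIONS)
        print(f"min_support={min_sup}: {len(attack_rules(rules))} attack rules, DR={dr:.2f}, FPR={fpr:.2f}")
```

At min_support 0.25 the rule flag=S0 -> class=attack reaches confidence 1.0 and the detector catches every constructed attack with no false positives; at min_support 0.5 neither flag=S0 nor class=attack is frequent any more, no attack rule survives and the detection rate drops to zero. That is the dependence of the detection rate on min_support and min_confidence that the paper measures.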

H. Manisha Kansra, Pankaj Dev Chadha (2016):

In this paper the authors discuss the problems that occur with intrusion detection systems, such as misjudgement and misdetection, and the classification of IDS: traditionally there are two categories, host-based and network-based intrusion detection systems, but IDS can also be categorized into three categories, host-based, network-based and hybrid detection systems. They also discuss the limitations of traditional and current IDS, such as threshold detection, false positives, false negatives and update lag, as well as data mining methods and algorithms. The paper proposes a system using the J48 decision tree classifier and the naïve Bayesian classifier, checks the performance of the proposed system by calculating their classification accuracy and cost analysis results, and finds that the percentage of correct classification of the J48 algorithm was higher than that of the naïve Bayes strategy [4].

 

J. Fadwa Abdul Aziz Alseiari and Zeyar Aung (2015):

In this paper the authors propose a DIDS (Distributed Intrusion Detection System) for securing a smart grid that works on a mesh network. The ability of the proposed system is that it detects attackers and violations in less time than other available IDS and works in a distributed manner. The paper categorizes IDS into three categories: signature-based, specification-based and anomaly-based. It deals with two data mining algorithms, Mini-Batch k-means and k-means, which are used for separating normal data from anomalous data. Mini-Batch is well suited because it deals with dynamically changing data such as stream data. The proposed DIDS works in two detection layers, as both data concentrator and head server; the paper discusses the working of the DIDS with the first detection layer. For the result analysis it uses two criteria, the silhouette score and performance metrics, and analyses the results in terms of DR (detection rate) and FPR (false positive rate) while dealing with DoS attacks and port scanning attacks. It finds that Mini-Batch is superior to k-means in terms of achieving consistently low FPR and close to perfect DR across all iterations. Future work is to implement the working of the DIDS with the second layer and deal with a variety of attacks to improve the performance and effectiveness of the proposed system [8].
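To make the comparison above concrete, the following Python block (an added example for this survey, not the reviewed paper's implementation) clusters constructed per-host traffic features with batch k-means and with a mini-batch k-means update, scores each partition with the silhouette coefficient, treats the smaller cluster as anomalous, and computes DR and FPR against constructed labels. The feature vectors, labels, initialisation from the first two points and batch size are assumptions made for the example, and the mini-batch update used here (a per-centroid learning rate of 1/n) is the common formulation, not necessarily the exact variant the reviewed paper used.

```python
"""Added example: k-means and mini-batch k-means separating anomalous from
normal traffic, scored with the silhouette coefficient and with DR/FPR
against constructed labels (not code from the reviewed paper)."""
import math

# Constructed per-host feature vectors (connections per minute, distinct
# destination ports) with a ground-truth label used only for evaluation.
DATA = [
    ((4.0, 2.0), "normal"), ((5.0, 3.0), "normal"), ((3.0, 2.0), "normal"),
    ((6.0, 2.0), "normal"), ((4.0, 4.0), "normal"), ((5.0, 1.0), "normal"),
    ((60.0, 40.0), "attack"), ((65.0, 45.0), "attack"), ((70.0, 38.0), "attack"),
    ((7.0, 5.0), "normal"),
]
POINTS = [p for p, _ in DATA]
LABELS = [label for _, label in DATA]


def nearest(point, centroids):
    """Index of the closest centroid (Euclidean distance)."""
    return min(range(len(centroids)), key=lambda j: math.dist(point, centroids[j]))


def kmeans(points, k, max_iter=50):
    """Batch (Lloyd) k-means: recompute every centroid from all its members each pass."""
    centroids = [tuple(p) for p in points[:k]]  # deterministic init: first k points
    for _ in range(max_iter):
        assign = [nearest(p, centroids) for p in points]
        new = []
        for j in range(k):
            members = [p for p, a in zip(points, assign) if a == j]
            new.append(tuple(sum(c) / len(members) for c in zip(*members)) if members else centroids[j])
        if new == centroids:
            break
        centroids = new
    return centroids, [nearest(p, centroids) for p in points]


def minibatch_kmeans(points, k, batch_size=5, passes=2):
    """Streaming variant: each centroid moves toward the points of a small batch with a
    per-centroid learning rate 1/n, so the whole data set never has to be held at once."""
    centroids = [tuple(p) for p in points[:k]]
    counts = [0] * k
    for _ in range(passes):
        for start in range(0, len(points), batch_size):
            batch = points[start:start + batch_size]
            assign = [nearest(p, centroids) for p in batch]  # fixed for the batch
            for p, j in zip(batch, assign):
                counts[j] += 1
                eta = 1.0 / counts[j]
                centroids[j] = tuple((1 - eta) * c + eta * x for c, x in zip(centroids[j], p))
    return centroids, [nearest(p, centroids) for p in points]


def silhouette_score(points, assign):
    """Mean over points of (b - a) / max(a, b): a = mean distance to own cluster,
    b = smallest mean distance to another cluster. Near 1 means tight, separated clusters."""
    scores = []
    for i, p in enumerate(points):
        own = [q for j, q in enumerate(points) if assign[j] == assign[i] and j != i]
        if not own:
            scores.append(0.0)
            continue
        a = sum(math.dist(p, q) for q in own) / len(own)
        b = min(sum(math.dist(p, q) for j, q in enumerate(points) if assign[j] == c) / assign.count(c)
                for c in set(assign) if c != assign[i])
        scores.append((b - a) / max(a, b))
    return sum(scores) / len(scores)


def flag_anomalies(assign, k):
    """Treat the smallest cluster as anomalous (attack traffic is assumed to be the minority)."""
    sizes = [assign.count(j) for j in range(k)]
    anomalous = sizes.index(min(sizes))
    return [a == anomalous for a in assign]


def detection_rates(flags, labels):
    """DR = flagged attacks / all attacks; FPR = flagged normals / all normals."""
    attack = [f for f, label in zip(flags, labels) if label == "attack"]
    normal = [f for f, label in zip(flags, labels) if label == "normal"]
    return sum(attack) / len(attack), sum(normal) / len(normal)


if __name__ == "__main__":
    for name, algo in (("k-means", kmeans), ("mini-batch k-means", minibatch_kmeans)):
        centroids, assign = algo(POINTS, 2)
        dr, fpr = detection_rates(flag_anomalies(assign, 2), LABELS)
        print(f"{name}: silhouette={silhouette_score(POINTS, assign):.3f} DR={dr:.2f} FPR={fpr:.2f}")
```

On these well-separated constructed points both algorithms arrive at the same partition, a silhouette above 0.8, DR 1.0 and FPR 0.0; the practical difference the paper exploits is in the update rule, since the mini-batch version touches only a handful of points per step and can keep running as new stream data arrives.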

 

CONCLUSION:

With the growth of technology, most of our vital information is already stored on remote computers, and while sharing it over the network the problem that confronts us is that our data is not safe. There may be a great chance of intrusion on our data by various types of intruders. The main issue is the need for a security system which overcomes the various attacks that come over the network. In this survey paper we provided an overview of data mining, data mining techniques, intrusions, IDS and their categories, proposed algorithms for IDS, and various data mining algorithms for developing an effective IDS.

 

REFERENCES:

1.     Niranjan A, Nitish A, P Deepa Shenoy & Venugopal K R; “Security in Data Mining - A Comprehensive Survey”; Global Journals Inc. (USA), Volume 16, Issue 5, 2016, Online ISSN: 0975-4172 & Print ISSN: 0975-4350.

2.     Mr. Mohit Tiwari, Raj Kumar, Akash Bharti, Jai Kishan; “Intrusion Detection System”; International Journal of Technical Research and Applications; Volume 5, Issue 2 (March-April 2017), Electronic ISSN: 2320-8163, pp. 38-44.

3.     Muamer N. Mohammada, Norrozila Sulaimana, Osama Abdulkarim Muhsin; “A Novel Intrusion Detection System by using Intelligent Data Mining in Weka Environment”; Elsevier Ltd., open access under CC BY-NC-ND license; DOI: 10.1016/j.procs.2010.12.198.

4.     Manisha Kansra, Pankaj Dev Chadha; “Cluster Based detection of Attack IDS using Datamining”; International Journal of Engineering Development and Research; Volume 4, Issue 3 (2016), Electronic ISSN: 2321-9939.

5.     Wenke Lee and Salvatore J. Stolfo; “Data Mining Approaches for Intrusion Detection”; 7th USENIX Security Symposium, San Antonio, Texas; 26-29 January 1998.

6.     Ketan Sanjay Desale, Chandrakant Namdev Kumathekar, Arjun Pramod Chavan; “Efficient Intrusion Detection System using Stream Data Mining Classification Technique”; International Conference on Computing Communication Control and Automation, 2015.

7.     Cheung-Leung Lui, Tak-Chung Fu, Ting-Yee Cheung; “Agent-based Network Intrusion Detection System Using Data Mining Approaches”; IEEE, Print ISBN: 0-7695-2316-1, 01 August 2005, DOI: 10.1109/ICITA.2005.57.

8.     Fadwa Abdul Aziz Alseiari and Zeyar Aung; “Real-Time Anomaly-Based Distributed Intrusion Detection Systems for Advanced Metering Infrastructure Utilizing Stream Data Mining”; International Conference on Smart Grid and Clean Energy Technologies; Volume 5, Issue 2 (2015), Electronic ISSN: 2320-8163, pp. 38-44.

9.     Sheraz Naseer, Yasir Saleem, Shehzad Khalid, Muhammad Khawar Bashir, Jihun Han, Muhammad Munwar Iqbal, Kijun Han; “Enhanced Network Anomaly Detection Based on Deep Neural Networks”; IEEE, Volume 6, Electronic ISSN: 2169-3536, 17 August 2018.

10.   K. Raja and M. Lilly Florence; “Tracking of Intruder in Local Area Network Using Decision Tree Learning Algorithms”; Asian Journal of Applied Sciences (ISSN: 2321-0893), Volume 05, Issue 01, February 2017, DOI: 10.1109/Big Data Security-HPSC-IDS.2016.39.

11.   Anna Little, Xenia Mountrouidou, Daniel Moseley; “Spectral Clustering Technique for Classifying Network Attacks”; IEEE, DOI: 10.1109/Big Data Security-HPSC-IDS.2016.39.

 

 

Received on 20.05.2020   Accepted on 18.06.2020

© A&V Publications, all rights reserved

Research J. Engineering and Tech. 2020;11(2):109-112.

DOI: 10.5958/2321-581X.2020.00019.7