Towards Integrating Data Mining with Knowledge Based System: The Case of Network Intrusion Detection

Abdulkerim, Mohammed (2013) Towards Integrating Data Mining with Knowledge Based System: The Case of Network Intrusion Detection. Masters thesis, Addis Ababa University.


Abstract

Network intrusion is one of the cyber attacks that bypass the security mechanisms of computer systems. Protecting against such attacks guards organizations against unplanned network shutdowns, which would otherwise have bad consequences for the organization. Intrusion detection systems respond to malicious activities. Misuse detection searches for patterns or user behaviors that match known intrusion scenarios, which are stored as signatures. Anomaly detection keeps a profile of normal network behavior and labels behavior that falls outside it as an attack. Data mining has been used for intrusion detection systems because such approaches are generally more precise and require far less manual processing and input from human experts. However, studies that employed data mining for intrusion detection merely generate patterns and fall short of utilizing the resulting knowledge. In this study, a rule-based intrusion detection and advising knowledge based system is proposed. The system aims to utilize hidden knowledge extracted by a data mining induction algorithm, specifically JRip, from a sample of the KDD Cup '99 intrusion data set. The integrator application then links the model created by the JRip classifier to the knowledge based system so that knowledge is added automatically. To do so, the integrator understands the syntax of both the JRip classifier and PROLOG, and converts rules from their JRip representation into a format PROLOG understands. Finally, the performance of the system is evaluated using test cases. Twenty test cases were prepared for the system performance test and provided to domain experts. For the user acceptance test, users were trained and then evaluated the system. The system scored 80.5% overall performance, which is a promising result. However, further exploration is needed to refine the knowledge base and to boost the advantages of integrating data-mining-induced knowledge with a knowledge based system.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Intrusion detection, data mining, knowledge based system, Integrator
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
T Technology > TN Mining engineering. Metallurgy
Divisions: Africana
Depositing User: Selom Ghislain
Date Deposited: 12 Jun 2018 13:37
Last Modified: 12 Jun 2018 13:37
URI: http://thesisbank.jhia.ac.ke/id/eprint/4214
