Data mining in computer network data : intrusion detection systems.

Abstract

In this paper we outline the basic points of the fast growing field of data mining (or as it also known knowledge discovery from data) emphasizing on one critical subdomain known as outlier detection or anomaly detection. We examine this particular area under the prospective of the computer networks security. Anomaly detection is the identification of rare, abnormal observations which contain valuable information, and for that reason they are the main objects of interest in the specific problem domain. At the first parts we analyze the different outlier definitions as described in bibliography together with the major algorithms and techniques that exist until today. We analyze the characteristics and the basic architect of a NIDS focusing on the state of the art system for each category SNORT and MINDS. At the end we contact an experiment with a small subset of the KDD’99 data set with the help of WEKA and the LOF, in order to highlight the importance of the measure, attribute and data object selection and their role to the final quality of the results. At the end, we presented the challenges, that the ideal solution will be a combination of the two major NIDS categories, the old data sets that are used in the experiments which are unable to describe the contemporary characteristics of the network traffic, the issues that are occurring due to the constant increase of the networks, and we forecast that future research will needed in specific directions of the network intrusion detection, for example towards cloud data, wireless data etc.