Anomaly detection for PTM's network traffic using association rule

Entisar E. Eljadi, Zulaiha Ali Othman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

In order to evaluate the quality of UKM's NIDS, this paper presents the process of analyzing network traffic captured by Pusat Teknologi Maklumat (PTM) to detect whether it contains any anomalies and to produce corresponding anomaly rules to be included in an update of UKM's NIDS. The network traffic data was collected using Wireshark for three days, using the six most common network attributes. The experiment used three association rule data mining techniques, Apriori, Fuzzy Apriori and FP-Growth, based on two-, five- and ten-second window slicing. Out of the four data-sets, data-sets one and two were detected to have anomalies. The results show that the Fuzzy Apriori algorithm produced the best quality result, while FP-Growth reached a solution faster. The data-sets that were pre-processed with two-second window slicing displayed better results. This research outlines the steps that an organization can follow to capture traffic and detect anomalies using association rule data mining techniques in order to enhance the quality of their NIDS.
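As an added illustration of the pipeline the abstract outlines (this is not code from the paper): constructed packet records are sliced into two-second windows, each window is summarised into items for six assumed attributes (source, destination, protocol, number of distinct destination ports, mean packet length, packet count), frequent itemsets are mined with Apriori, and high-confidence rules describing normal windows are used to flag windows that match a rule's antecedent but break its consequent. The attribute choice, the thresholds and the anomaly criterion are assumptions made here, not the paper's.

```python
from itertools import combinations

# Constructed traffic: (timestamp_s, src_ip, dst_ip, proto, dst_port, length).
PACKETS = [(2.0 * w + 0.4 * i, "10.0.0.5", "10.0.0.1", "tcp", 443, 800)
           for w in range(6) for i in range(4)]     # six 2-second windows of ordinary HTTPS
# Window 4 also carries a burst of tiny packets to many ports (constructed anomaly).
PACKETS += [(8.1 + 0.05 * p, "10.0.0.9", "10.0.0.1", "tcp", 1000 + p, 60) for p in range(30)]

def slice_windows(packets, width=2.0):
    """Slice packets into fixed windows; summarise six assumed attributes as items."""
    buckets = {}
    for ts, src, dst, proto, dport, length in packets:
        buckets.setdefault(int(ts // width), []).append((src, dst, proto, dport, length))
    windows = []
    for _, pk in sorted(buckets.items()):          # one transaction per window
        items = {f"{k}={v}" for p in pk for k, v in zip(("src", "dst", "proto"), p)}
        items.add("dports=1" if len({p[3] for p in pk}) == 1 else "dports=many")
        items.add("len=large" if sum(p[4] for p in pk) / len(pk) >= 300 else "len=small")
        items.add("pkts=low" if len(pk) <= 10 else "pkts=high")
        windows.append(frozenset(items))
    return windows

def apriori(transactions, min_support):
    """Classic Apriori: grow frequent itemsets level by level, pruning by support."""
    support = lambda s: sum(1 for t in transactions if s <= t) / len(transactions)
    level = [c for c in {frozenset([i]) for t in transactions for i in t} if support(c) >= min_support]
    frequent, k = {c: support(c) for c in level}, 2
    while level:
        candidates = {a | b for a in level for b in level if len(a | b) == k}
        level = [c for c in candidates if support(c) >= min_support      # keep only candidates
                 and all(frozenset(s) in frequent for s in combinations(c, k - 1))]  # whose subsets are frequent
        frequent.update((c, support(c)) for c in level)
        k += 1
    return frequent

def mine_rules(frequent, min_conf):
    """Derive X -> Y rules from frequent itemsets; confidence = support(X u Y) / support(X)."""
    return [(ante, itemset - ante, round(sup, 3), round(sup / frequent[ante], 3))
            for itemset, sup in frequent.items()
            for r in range(1, len(itemset)) for ante in map(frozenset, combinations(itemset, r))
            if sup / frequent[ante] >= min_conf]

def anomalous_windows(windows, rules):
    """Flag windows that match a rule's antecedent but break its consequent."""
    return sorted({i for i, w in enumerate(windows)
                   for ante, cons, _, _ in rules if ante <= w and not cons <= w})

WINDOWS = slice_windows(PACKETS)
RULES = mine_rules(apriori(WINDOWS, 0.5), 0.8)
FLAGGED = anomalous_windows(WINDOWS, RULES)    # -> [4]: the window carrying the port burst
```

With a support threshold of 0.5 the five ordinary windows define the frequent itemsets, so every rule is satisfied by them and only the burst window violates one.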

Original language: English
Title of host publication: Conference on Data Mining and Optimization
Pages: 63-69
Number of pages: 7
DOIs
Publication status: Published - 2011
Event: 2011 3rd Conference on Data Mining and Optimization, DMO 2011 - Putrajaya
Duration: 28 Jun 2011 - 29 Jun 2011

Other

Other: 2011 3rd Conference on Data Mining and Optimization, DMO 2011
City: Putrajaya
Period: 28/6/11 - 29/6/11

Keywords

  • Association Rules Techniques
  • Data Mining
  • network intrusion detection system (NIDS)

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Software

Cite this

Eljadi, E. E., & Ali Othman, Z. (2011). Anomaly detection for PTM's network traffic using association rule. In Conference on Data Mining and Optimization (pp. 63-69). [5976506] https://doi.org/10.1109/DMO.2011.5976506

@inproceedings{021ce6d1b8834dd1bb7ae32565c5ee26,
title = "Anomaly detection for PTM's network traffic using association rule",
abstract = "In order to evaluate the quality of UKM's NIDS, this paper presents the process of analyzing network traffic captured by Pusat Teknologi Maklumat (PTM) to detect whether it contains any anomalies and to produce corresponding anomaly rules to be included in an update of UKM's NIDS. The network traffic data was collected using Wireshark for three days, using the six most common network attributes. The experiment used three association rule data mining techniques, Apriori, Fuzzy Apriori and FP-Growth, based on two-, five- and ten-second window slicing. Out of the four data-sets, data-sets one and two were detected to have anomalies. The results show that the Fuzzy Apriori algorithm produced the best quality result, while FP-Growth reached a solution faster. The data-sets that were pre-processed with two-second window slicing displayed better results. This research outlines the steps that an organization can follow to capture traffic and detect anomalies using association rule data mining techniques in order to enhance the quality of their NIDS.",
keywords = "Association Rules Techniques, Data Mining, network intrusion detection system (NIDS)",
author = "Eljadi, {Entisar E.} and {Ali Othman}, Zulaiha",
year = "2011",
doi = "10.1109/DMO.2011.5976506",
language = "English",
isbn = "9781612842127",
pages = "63--69",
booktitle = "Conference on Data Mining and Optimization",

}
