Reducing network intrusion detection association rules using Chi-Squared pruning technique

Ammar Fikrat Namik, Zulaiha Ali Othman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Increasing number of computer networks now a day has increased the effort of putting networks in secure with various attack risk. Intrusion Detection System (IDS) is a popular tool to secure network. Applying data mining has increased the quality of intrusion detection neither as anomaly detection or misused detection from large scale network traffic transaction. Association rules is a popular technique to produce a quality misused detection. However, the weaknesses of association rules is the fact that it often produced with thousands rules which reduce the performance of IDS. This paper aims to show applying post-mining to reduce the number of rules and remaining the most quality rules to produce quality signature. The experiment conducted using two data set collected from KDD Cup 99. Each data set is partitioned into 4 data sets based on type of attacks (PROB, UR2, R2L and DOS). Each partition is mining using Apriori Algorithm, which later performing post-mining using Chi-Squared (Ξ2) computation techniques. The quality of rules is measured based on Chi-Square value, which calculated according the support, confidence and lift of each association rule. The experiment results shows applying post-mining has reduced the rules up to 98% and remaining the quality rules.

Original languageEnglish
Title of host publicationConference on Data Mining and Optimization
Pages122-127
Number of pages6
DOIs
Publication statusPublished - 2011
Event2011 3rd Conference on Data Mining and Optimization, DMO 2011 - Putrajaya
Duration: 28 Jun 201129 Jun 2011

Other

Other2011 3rd Conference on Data Mining and Optimization, DMO 2011
CityPutrajaya
Period28/6/1129/6/11

Fingerprint

Association rules
Intrusion detection
DOS
Computer networks
Data mining
Experiments

Keywords

  • Apriori Algorithm
  • Association Rules
  • Chi-Square
  • Intrusion Detection System

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Software

Cite this

Reducing network intrusion detection association rules using Chi-Squared pruning technique. / Namik, Ammar Fikrat; Ali Othman, Zulaiha.

Conference on Data Mining and Optimization. 2011. p. 122-127 5976515.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Namik, AF & Ali Othman, Z 2011, Reducing network intrusion detection association rules using Chi-Squared pruning technique. in Conference on Data Mining and Optimization., 5976515, pp. 122-127, 2011 3rd Conference on Data Mining and Optimization, DMO 2011, Putrajaya, 28/6/11. https://doi.org/10.1109/DMO.2011.5976515
Namik, Ammar Fikrat ; Ali Othman, Zulaiha. / Reducing network intrusion detection association rules using Chi-Squared pruning technique. Conference on Data Mining and Optimization. 2011. pp. 122-127
@inproceedings{0cb516062abc41488e76950d176937e6,
title = "Reducing network intrusion detection association rules using Chi-Squared pruning technique",
abstract = "Increasing number of computer networks now a day has increased the effort of putting networks in secure with various attack risk. Intrusion Detection System (IDS) is a popular tool to secure network. Applying data mining has increased the quality of intrusion detection neither as anomaly detection or misused detection from large scale network traffic transaction. Association rules is a popular technique to produce a quality misused detection. However, the weaknesses of association rules is the fact that it often produced with thousands rules which reduce the performance of IDS. This paper aims to show applying post-mining to reduce the number of rules and remaining the most quality rules to produce quality signature. The experiment conducted using two data set collected from KDD Cup 99. Each data set is partitioned into 4 data sets based on type of attacks (PROB, UR2, R2L and DOS). Each partition is mining using Apriori Algorithm, which later performing post-mining using Chi-Squared (Ξ2) computation techniques. The quality of rules is measured based on Chi-Square value, which calculated according the support, confidence and lift of each association rule. The experiment results shows applying post-mining has reduced the rules up to 98{\%} and remaining the quality rules.",
keywords = "Apriori Algorithm, Association Rules, Chi-Square, Intrusion Detection System",
author = "Namik, {Ammar Fikrat} and {Ali Othman}, Zulaiha",
year = "2011",
doi = "10.1109/DMO.2011.5976515",
language = "English",
isbn = "9781612842127",
pages = "122--127",
booktitle = "Conference on Data Mining and Optimization",

}

TY - GEN

T1 - Reducing network intrusion detection association rules using Chi-Squared pruning technique

AU - Namik, Ammar Fikrat

AU - Ali Othman, Zulaiha

PY - 2011

Y1 - 2011

N2 - Increasing number of computer networks now a day has increased the effort of putting networks in secure with various attack risk. Intrusion Detection System (IDS) is a popular tool to secure network. Applying data mining has increased the quality of intrusion detection neither as anomaly detection or misused detection from large scale network traffic transaction. Association rules is a popular technique to produce a quality misused detection. However, the weaknesses of association rules is the fact that it often produced with thousands rules which reduce the performance of IDS. This paper aims to show applying post-mining to reduce the number of rules and remaining the most quality rules to produce quality signature. The experiment conducted using two data set collected from KDD Cup 99. Each data set is partitioned into 4 data sets based on type of attacks (PROB, UR2, R2L and DOS). Each partition is mining using Apriori Algorithm, which later performing post-mining using Chi-Squared (Ξ2) computation techniques. The quality of rules is measured based on Chi-Square value, which calculated according the support, confidence and lift of each association rule. The experiment results shows applying post-mining has reduced the rules up to 98% and remaining the quality rules.

AB - Increasing number of computer networks now a day has increased the effort of putting networks in secure with various attack risk. Intrusion Detection System (IDS) is a popular tool to secure network. Applying data mining has increased the quality of intrusion detection neither as anomaly detection or misused detection from large scale network traffic transaction. Association rules is a popular technique to produce a quality misused detection. However, the weaknesses of association rules is the fact that it often produced with thousands rules which reduce the performance of IDS. This paper aims to show applying post-mining to reduce the number of rules and remaining the most quality rules to produce quality signature. The experiment conducted using two data set collected from KDD Cup 99. Each data set is partitioned into 4 data sets based on type of attacks (PROB, UR2, R2L and DOS). Each partition is mining using Apriori Algorithm, which later performing post-mining using Chi-Squared (Ξ2) computation techniques. The quality of rules is measured based on Chi-Square value, which calculated according the support, confidence and lift of each association rule. The experiment results shows applying post-mining has reduced the rules up to 98% and remaining the quality rules.

KW - Apriori Algorithm

KW - Association Rules

KW - Chi-Square

KW - Intrusion Detection System

UR - http://www.scopus.com/inward/record.url?scp=80055053686&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80055053686&partnerID=8YFLogxK

U2 - 10.1109/DMO.2011.5976515

DO - 10.1109/DMO.2011.5976515

M3 - Conference contribution

SN - 9781612842127

SP - 122

EP - 127

BT - Conference on Data Mining and Optimization

ER -