Improving Detection Rates Using Misuse Detection and Machine Learning

Abstract

Network Security is becoming a crucial issue for all the firms and companies and with the increase in knowledge of intruders and hackers they have made many prosperous attempts to bring down web services and high-profile company networks. Internet has changed and significantly enhanced the way we do business, this massive network have opened the ways to an growing number of security attacks from which corporations must protect them. Network security is the provision made in an underlying computer network or rules made by the administrator to protect the network and its resources from unauthorized access. With the recent advances in the field of network security a technique called Intrusion Detection System are develop to further enhance and make your network secure. It is a way by which we can protect our internal network from outside attack, and can take appropriate action if needed. The thesis starts with the introductive study of various kinds of attacks in the network and then different tools to protect network from various malicious activities are studied. On the broader level, there are two techniques that are for detecting Intrusions viz. misuse detection and anomaly detection. Misuse detection detects intrusions by matching the network traffic with database of stored signatures and anomaly detection looks for behaviour deviating from normal or common behaviour for detecting intrusions. The primary objective of the thesis work is to combine both these techniques. The KDD dataset is used for this purpose. Finally the data is processed on classification algorithms to obtain the results. The results show high percentage of correct classification and accuracy. Experimental evaluation shows that the combined approach of Machine learning and misuse detection gives better performance.