Title :
Anomaly detection for PTM's network traffic using association rule
Author :
Eljadi, Entisar E. ; Othman, Zulaiha Ali
Author_Institution :
Fac. of Inf. Sci. & Technol., Univ. Kebangsaan Malaysia, Bangi, Malaysia
Abstract :
In order to evaluate the quality of UKM's NIDS, this paper presents the process of analyzing network traffic captured by Pusat Teknologi Maklumat (PTM) to detect whether it contains any anomalies and to produce corresponding anomaly rules to be included in an update of UKM's NIDS. The network traffic data was collected using Wireshark over three days, using the six most common network attributes. The experiment used three association rule data mining techniques, Apriori, Fuzzy Apriori and FP-Growth, based on two-, five- and ten-second window slicing. Of the four data-sets, data-sets one and two were found to contain anomalies. The results show that the Fuzzy Apriori algorithm produced the best quality result, while FP-Growth reached a solution faster. The data-sets that were pre-processed with two-second window slicing displayed better results. This research outlines the steps an organization can use to capture network traffic and detect anomalies with association rule data mining techniques in order to enhance the quality of its NIDS.
Keywords :
computer network security; data mining; fuzzy set theory; telecommunication traffic; FP-Growth; PTM network traffic; Pusat Teknologi Maklumat; Wireshark; association rule data mining techniques; datasets; fuzzy Apriori algorithm; network intrusion detection system; window slicing; Algorithm design and analysis; Association rules; IP networks; Intrusion detection; Itemsets; Association Rules Techniques; Data Mining; network intrusion detection system (NIDS);
Conference_Title :
Data Mining and Optimization (DMO), 2011 3rd Conference on
Conference_Location :
Putrajaya
Print_ISBN :
978-1-61284-211-0
Electronic_ISBN :
2155-6938
DOI :
10.1109/DMO.2011.5976506