Abstract
An intrusion detection system is a device or software application that monitors network traffic data for suspicious activity and alerts the system administrator to any malicious activity or network policy violation that has occurred. Among the several techniques proposed for anomaly detection in network audit data, data mining techniques are used for efficient analysis of network audit data to detect abnormalities caused by specific types of attacks. Association rule mining, an unsupervised data mining algorithm, has been applied to the analysis of network audit data for detecting anomalies. Due to the rapid increase in internet-based services, cyber security has become a challenging problem. In this paper, a framework using an association rule mining algorithm is proposed for detecting suspicious activity in network traffic data. Further, to increase the processing speed for large network traffic data, the big data processing tool Apache Spark has been used. Among the several association rule mining algorithms, the FP-growth algorithm has been used to generate attack rules that detect malicious attacks in network audit data. For the purpose of the experiment, the Kyoto dataset, which is freely available online, has been used.
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Dasgupta, S., Saha, B. (2021). Towards the Speed Enhancement of Association Rule Mining Algorithm for Intrusion Detection System. In: Abraham, A., Panda, M., Pradhan, S., Garcia-Hernandez, L., Ma, K. (eds) Innovations in Bio-Inspired Computing and Applications. IBICA 2019. Advances in Intelligent Systems and Computing, vol 1180. Springer, Cham. https://doi.org/10.1007/978-3-030-49339-4_1
DOI: https://doi.org/10.1007/978-3-030-49339-4_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-49338-7
Online ISBN: 978-3-030-49339-4
eBook Packages: Intelligent Technologies and Robotics (R0)