Title :
Reducing network intrusion detection association rules using Chi-Squared pruning technique
Author :
Namik, Ammar Fikrat ; Othman, Zulaiha Ali
Author_Institution :
Sch. of Comput. Sci., Univ. Kebangsaan Malaysia, Bangi, Malaysia
Abstract :
The increasing number of computer networks nowadays has increased the effort needed to secure networks against various attack risks. An Intrusion Detection System (IDS) is a popular tool for securing a network. Applying data mining has increased the quality of intrusion detection, either as anomaly detection or misuse detection, from large-scale network traffic transactions. Association rules are a popular technique for producing quality misuse detection. However, the weakness of association rules is that they often produce thousands of rules, which reduces the performance of the IDS. This paper aims to show that applying post-mining reduces the number of rules while retaining the highest-quality rules to produce quality signatures. The experiment was conducted using two data sets collected from KDD Cup 99. Each data set is partitioned into 4 data sets based on the type of attack (PROB, UR2, R2L and DOS). Each partition is mined using the Apriori Algorithm, followed by post-mining using the Chi-Squared (χ²) computation technique. The quality of rules is measured based on the Chi-Square value, which is calculated according to the support, confidence and lift of each association rule. The experimental results show that applying post-mining reduced the number of rules by up to 98% while retaining the quality rules.
Keywords :
computer network security; data mining; digital signatures; telecommunication traffic; DOS attack; KDD Cup 99; PROB attack; R2L attack; UR2 attack; anomaly detection; apriori algorithm; attack risk; chi-squared pruning technique; computer networks; data mining; large scale network traffic transaction; misused detection; network intrusion detection association rules reduction; post-mining; quality signature; Association rules; Databases; Equations; Intrusion detection; Probes; Training; Apriori Algorithm; Association Rules; Chi-Square; Intrusion Detection System;
Conference_Title :
Data Mining and Optimization (DMO), 2011 3rd Conference on
Conference_Location :
Putrajaya
Print_ISBN :
978-1-61284-211-0
Electronic_ISBN :
2155-6938
DOI :
10.1109/DMO.2011.5976515