Title :
Detection of DoS attack time interval sequences on network traffic
Author :
Reshamwala, A. ; Mahajan, S.
Author_Institution :
Comput. Eng. Dept., SVKM's NMIMS Univ., Mumbai, India
Date :
Oct. 30 2012-Nov. 2 2012
Abstract :
As the total amount of traffic data in networks has been growing at an alarming rate, there is currently a substantial body of research that attempts to mine traffic data with the purpose of obtaining useful information. Many intrusions aren't composed of single events, but of a series of attack steps in chronological order. Analyzing the order in which events occur can improve the attack detection accuracy and reduce false alarms. This is because, very often, intrusion is a multi-step process in which a number of events must occur sequentially in order to launch a successful attack. Therefore, sequential pattern mining algorithms are applied to intrusion detection to mine the order correlation in time-sequential data, and can then detect this kind of attack. Sequential pattern mining is an important data mining problem with broad applications. In this paper, we have implemented I-Apriori, a candidate generation algorithm, and I-PrefixSpan, a pattern growth algorithm, to detect time interval denial of service (DoS) attack sequences on the network traffic data of KDD Cup 1999 (10 percent of the training dataset), which is the annual Data Mining and Knowledge Discovery competition organized by the ACM Special Interest Group on Knowledge Discovery and Data Mining, the leading professional organization of data miners. The comparison study is done on the number of patterns and on the average length of patterns obtained by varying the time interval of the sequential patterns.
Keywords :
data mining; security of data; sequential estimation; telecommunication security; telecommunication traffic; DoS attack; I-Apriori; I-PrefixSpan; KDD Cup 1999; attack detection accuracy; attack steps; data mining problem; false alarms; intrusion detection; network traffic data; order correlation; pattern growth algorithm; sequential pattern mining algorithms; sequential patterns; time interval denial of service attack sequences; time interval sequences; time sequential data; training dataset; Algorithm design and analysis; Classification algorithms; Computer crime; Data mining; Databases; Intrusion detection; Partitioning algorithms; Data mining; DoS attacks; Intrusion detection system; PrefixSpan; Sequential pattern; Time interval;
Conference_Title :
Information and Communication Technologies (WICT), 2012 World Congress on
Conference_Location :
Trivandrum
Print_ISBN :
978-1-4673-4806-5
DOI :
10.1109/WICT.2012.6409172