مرکز منطقه ای اطلاع رساني علوم و فناوري

چكيده فارسي :

Proposed work aim to build a proposed Gain Association Rules -Based Network IntrusionDetection System (GARNIDS). GARNIDS trend to enhance traditional NIDS through usingthree of data mining algorithms; these are: Gain which is measure the entropy for each feature todetect it is Domination Degree (DD) for each attack, then feeding these features with their DD toa proposed Gain Association Rule (GAR) algorithm that to rank the features according to twoparameters (frequency and DD). Finally customize K Nearest Neighbor (KNN) as misuseclassifier (detect the intrusions and specify their types) the proposal assume the k equal to 3.Many experimental works are conducted to evaluate the proposal over the KDD 99 datasetand show the efficiency of KNN through registering 86% of accuracy with all features, 90% ofaccuracy with 25 top features and the accuracy was 98% with 8 top features. Also the DetectionRate (DR) and False Alarm Rates (FAR) are both measured with those three cases and still KNNwith the top 8 features is the higher in DR and lower in FAR. Finally when try the proposal inreal-time with tcpdump the third case register higher accuracy (93%)