• DocumentCode
    1822049
  • Title

    Handling ambiguous packets in intrusion detection

  • Author

    Hadi, Theyazn Hassn ; Joshi, Manish R.

  • Author_Institution
    Sch. of Comput. Sci., North Maharashtra Univ., Jalgaon, India
  • fYear
    2015
  • fDate
    26-28 March 2015
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    An intrusion detection system (IDS) is of paramount importance in present-day network and system security. Intrusion detection can successfully prevent many attempts by intruders and hackers to crash networks and hamper web services. Classification data mining approaches have been proposed and used effectively for intrusion detection. However, the presence of ambiguous data packets, which exhibit traits of two or more classes, reduces the overall accuracy of classification. In this paper, we demonstrate the use of a supervised partition membership preprocessing method to identify ambiguous packets. We propose an integrated model that results in improved classification accuracy by explicitly clustering ambiguous packets to overcome their misclassification. The novelty of our approach lies in the use of non-crisp clustering techniques like fuzzy c-means (FCM) and rough k-means (RKM) that can model ambiguity. Further, we also examine whether FCM clustering and RKM clustering can help to determine the class of ambiguous packets exactly or approximately. The support vector machine (SVM) and J48 classifier results obtained on two standard data sets are presented and compared.
  • Keywords
    data mining; fuzzy set theory; pattern classification; rough set theory; support vector machines; FCM; IDS; J48 classifiers; RKM; SVM; Web services; ambiguous data packets; ambiguous packet clustering; ambiguous packet handling; ambiguous packet identification; classification accuracy; classification data mining; fuzzy c-means; intrusion detection system; network security; noncrisp clustering techniques; rough k-means; supervised partition membership preprocessing method; support vector machine; system security; Accuracy; Analytical models; Kernel; Random access memory; Support vector machines; FCM; J48; RKM ambiguous packets; SVM; partition membership;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on
  • Conference_Location
    Chennai
  • Print_ISBN
    978-1-4673-6822-3
  • Type

    conf

  • DOI
    10.1109/ICSCN.2015.7219899
  • Filename
    7219899