Agent-based network intrusion detection system using data mining approaches

Cheung-Leung Lui, Tak-Chung Fu, Ting-Yee Cheung
Published in: Third International Conference on Information Technology and Applications (ICITA'05), 2005-07-04
DOI: 10.1109/ICITA.2005.57 (https://doi.org/10.1109/ICITA.2005.57)
Citations: 26

Abstract

Most existing commercial NIDS products are signature-based and not adaptive. In this paper, an adaptive NIDS using data mining technology is developed. Data mining approaches are used to accurately capture the actual behavior of network traffic, and the mined portfolio of patterns is useful for differentiating "normal" from "attack" traffic. Moreover, most current research uses only one engine to detect various attacks; the proposed system is instead constructed from a number of agents that differ completely in both their training and their detection processes. Each agent has its own strength in capturing one kind of network behavior, so the system as a whole is strong at detecting different types of attack. In addition, its ability to detect new types of attack, as well as a higher tolerance to fluctuations, were shown. The experimental results showed that the frequent patterns mined from the audit data could be used as reliable agents, which outperformed traditional signature-based NIDS.