Research Article Open Access

Evaluating the Strengths and Weaknesses of Mining Audit Data for Automated Models for Intrusion Detection in Tcpdump and Basic Security Module Data

G. Mohammed Nazer1 and A. Arul Lawrence Selvakumar2
  • 1 IFET College of Engineering, India
  • 2 Adhiparasakthi Engineering College, India

Abstract

Problem statement: Intrusion Detection System (IDS) have become an important component of infrastructure protection mechanism to secure the current and emerging networks, its services and applications by detecting, alerting and taking necessary actions against the malicious activities. The network size, technology diversities and security policies make networks more challenging and hence there is a requirement for IDS which should be very accurate, adaptive, extensible and more reliable. Although there exists the novel framework for this requirement namely Mining Audit Data for Automated Models for Intrusion Detection (MADAM ID), it is having some performance shortfalls in processing the audit data. Approach: Few experiments were conducted on tcpdump data of DARPA and BCM audit files by applying the algorithms and tools of MADAM ID in the processing of audit data, mine patterns, construct features and build RIPPER classifiers. By putting it all together, four main categories of attacks namely DOS, R2L, U2R and PROBING attacks were simulated. Results: This study outlines the experimentation results of MADAM ID in testing the DARPA and BSM data on a simulated network environment. Conclusion: The strengths and weakness of MADAM ID has been identified thru the experiments conducted on tcpdump data and also on Pascal based audit files of Basic Security Module (BSM). This study also gives some additional directions about the future applications of MADAM ID.

Journal of Computer Science
Volume 8 No. 10, 2012, 1649-1659

DOI: https://doi.org/10.3844/jcssp.2012.1649.1659

Submitted On: 25 July 2012 Published On: 25 August 2012

How to Cite: Nazer, G. M. & Selvakumar, A. A. L. (2012). Evaluating the Strengths and Weaknesses of Mining Audit Data for Automated Models for Intrusion Detection in Tcpdump and Basic Security Module Data. Journal of Computer Science, 8(10), 1649-1659. https://doi.org/10.3844/jcssp.2012.1649.1659

  • 3,029 Views
  • 2,741 Downloads
  • 1 Citations

Download

Keywords

  • Feature construction
  • data mining
  • intrusion detection
  • denial of service
  • network security