dc.description.abstract |
In this modern technology-driven age, protecting our personal information from being accessed by unauthorized users is becoming more difficult. Highly classified details are becoming more available to public databases because we are more interconnected than ever. Thus, our data is available for almost anyone to sift through due to this interconnectivity, and this creates a negative mindset that the use of technology is dangerous, unreliable and highly unprotective, because practically anyone can access the private information of others for a price. Intrusion detection systems (IDS) are the key solution for detecting these attacks so that the network remains reliable. Different classification approaches, broadly rule-based and non-rule-based, have been used to evaluate intrusion detection systems. The weaknesses discovered in previous work are the key motivation for this research. These include: work on network intrusion detection using association rules, which generated a non-comprehensive set of attack rules because only a small percentage of the KDD'99 dataset was used as the training set; a proposed wrapper method for feature selection in multi-class datasets using sequential backward elimination, which is more computationally expensive and time-consuming; and the development of a Denial of Service attack detection system using a machine learning technique in which the significant features of the dataset were not extracted and the extraction was done using only one extraction technique, which results in a high False Alarm Rate (FAR) due to poor detection of attacks. This research makes use of the NSL-KDD and UNSW-NB15 datasets, with Mutual Information and ANOVA (Analysis of Variance) as the feature selection techniques. In addition, an intrusion detection model was developed based on association rule and support vector machine (SVM), and the performance of the model was evaluated.
From the results obtained, when trained with SVM, the features selected from the NSL-KDD dataset give 72% accuracy using Mutual Information and 79% accuracy with ANOVA, and the features selected from the UNSW-NB15 dataset give 90% accuracy using Mutual Information and 85% accuracy with ANOVA. When trained with Association Rule, the features selected from the NSL-KDD dataset give 67% accuracy using Mutual Information and 68% accuracy with ANOVA, and the features selected from the UNSW-NB15 dataset give 67% accuracy using Mutual Information and 40% accuracy with ANOVA. In conclusion, SVM (a non-rule-based machine learning technique) with both Mutual Information and ANOVA performs better in terms of accuracy than Association Rule, a rule-based machine learning technique. |
en_US |