International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
DOI: 10.5121/ijnsa.2019.11302
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
Shaker El-Sappagh, Ahmed Saad Mohammed, Tarek Ahmed AlSheshtawy
Faculty of Computers & Informatics, Benha University, Egypt.
ABSTRACT
In a network security framework, intrusion detection is one of the benchmark components and a
fundamental way to protect PCs from many threats. A major issue in intrusion detection is the huge
number of false alerts; this issue has motivated several experts to look for ways of minimizing false
alerts using data mining, which is regarded as an analysis procedure applied to large data sets, e.g. KDD
CUP 99. This paper reviews various data mining classification procedures for handling false alerts in
intrusion detection. The results of testing many data mining procedures on KDD CUP 99 show that no
individual procedure can reveal all attack classes with high accuracy and without false alerts. The
best accuracy, achieved by the Multilayer Perceptron, is 92%; however, the best training time, achieved
by the rule-based model, is 4 seconds.
It is concluded that various procedures should be utilized to handle several kinds of network attacks.
KEYWORDS
Intrusion Detection, Data Mining, KDD CUP 99, False Alarms
1. INTRODUCTION
Communication systems play an inevitable role in ordinary people's daily life. Computer
networks are effectively used for business data processing, education and learning, collaboration,
widespread data acquisition, and entertainment [1]. With the enormous growth of computer
network usage and internet accessibility, more organizations are becoming susceptible to a wide
variety of attacks and threats [2]. One of the main challenges in the security management of
large-scale high-speed networks is the detection of suspicious anomalies in network traffic patterns
due to distributed denial of service (DDoS) attacks or worm propagation [3].
Generally, the major focus of network attacks is to increase the threat against commercial
business and our daily life, so finding a suitable solution for these types of attacks has become a
serious problem for researchers [4]. Network security is becoming an absolute necessity to
protect information contained in computer systems worldwide. With the rapid expansion of
computer networks during the past decade, the growth of networks in size and complexity, and
the expansion of computer services, vulnerabilities within local area and wide area networks have
become a huge problem [5]. Nowadays, network security is a hot topic worldwide in computer security
and defense. Intrusions, attacks, or anomalies in network infrastructure mostly lead to great financial
losses and massive leaks of sensitive data. Therefore, they decrease the efficiency and quality of
productivity of organizations [6]. Reliance on the Internet and worldwide connectivity has increased
the potential damage that can be inflicted by attacks launched over the Internet against remote
systems. Successful attacks inevitably occur despite the best security precautions [7].
An intrusion detection system (IDS) is a program that tries to find indications that the computer has
been compromised [8]. It attempts to detect an intruder breaking into a computer system or
Electronic copy available at: https://ssrn.com/abstract=3401645