Journal of Computer Science

Evaluating the Strengths and Weaknesses of Mining Audit Data for Automated Models for Intrusion Detection in Tcpdump and Basic Security Module Data

G. Mohammed Nazer and A. Arul Lawrence Selvakumar

DOI : 10.3844/jcssp.2012.1649.1659

Journal of Computer Science

Volume 8, Issue 10

Pages 1649-1659


Problem statement: Intrusion Detection System (IDS) have become an important component of infrastructure protection mechanism to secure the current and emerging networks, its services and applications by detecting, alerting and taking necessary actions against the malicious activities. The network size, technology diversities and security policies make networks more challenging and hence there is a requirement for IDS which should be very accurate, adaptive, extensible and more reliable. Although there exists the novel framework for this requirement namely Mining Audit Data for Automated Models for Intrusion Detection (MADAM ID), it is having some performance shortfalls in processing the audit data. Approach: Few experiments were conducted on tcpdump data of DARPA and BCM audit files by applying the algorithms and tools of MADAM ID in the processing of audit data, mine patterns, construct features and build RIPPER classifiers. By putting it all together, four main categories of attacks namely DOS, R2L, U2R and PROBING attacks were simulated. Results: This study outlines the experimentation results of MADAM ID in testing the DARPA and BSM data on a simulated network environment. Conclusion: The strengths and weakness of MADAM ID has been identified thru the experiments conducted on tcpdump data and also on Pascal based audit files of Basic Security Module (BSM). This study also gives some additional directions about the future applications of MADAM ID.


© 2012 G. Mohammed Nazer and A. Arul Lawrence Selvakumar. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.