Detecting TCP Based Attacks Using Data Mining Algorithms

Intrusion Detection Systems have become a necessary in computer networking security of largest networks. In the recent years, the system needs to identify new intrusion in largest datasets in a timely manner because internet to instantly access information at anytime from anywhere. That is a massive increasing of data traffic and internet nodes. Therefore, to refine an IDS’s performance and computing time is a one of the important challenges in computer network security field. We are introducing by this paper studying the effects of TCP based attacks on AI algorithms computing time and detection ratio using KDDCUP dataset and our collected dataset. We are to gather network traffic; normal and abnormal containing attack are collected by SNORT. We extract features in TCP headers of the packets in the collected dataset such as sequence and acknowledge numbers, window size, control flags, and an event which is time between neighbour segments. First we normalize the feature set to reduce dimensionality of our input feature space and apply Pearson correlation to measure the dependability of the relationship. Finally, the selected subset of the features is given to learn the classifiers: J-48, Naïve Bayes and ANNs. By adopting the concepts of machine learning and datamining, we could detect 98% of abnormal traffic containing attacks.