An approach to detect TCP/IP based attack


Ugtakhbayar.N, Usukhbayar.B, Nyamjav.J


Vol. 16  No. 4  pp. 37-40


Intrusion Detection Systems (IDS) have become indispensable to the security of all types of computer networks, wired and wireless alike. In recent years, such systems have needed to identify new intrusions in large datasets in a timely manner, because the internet is used to access information instantly, at any time and from anywhere, which has brought a massive increase in data traffic and in the number of internet nodes. Improving IDS performance and false-alarm rates is therefore one of the important challenges in the intrusion detection and prevention field. In this work we propose an approach to detecting TCP connection based attacks using data mining algorithms. We gather raw network traffic and classify it into normal and abnormal traffic using Bro IDS and the Backtrack security operating system. First, we extract features from the TCP/IP headers of the packets in our collected traffic, such as sequence and acknowledgement numbers, window size, control flags, and an event, which is the time between neighbouring segments. Next, we evaluate the worth or merit of each feature for novel attacks and select a valuable subset of features using Markov Blanket and Pearson correlation. Finally, we train our machine with the KDD 99 dataset, and the selected features are given to the classifiers J-48 and Naïve Bayes for learning. By adopting the concepts of machine learning and data mining, we could detect about 74% of novel attacks with 19 features.


weka, data mining, learning algorithms, IDS, intrusion detection.
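
The feature-extraction and Pearson-ranking steps from the abstract, as an added example that is not the authors' code: it decodes the TCP header fields the abstract names, derives the time between neighbouring segments, and ranks each feature by its absolute correlation with the normal/abnormal label. Assumptions: correlating each feature against the class label is one common reading of "Pearson correlation" here, the Markov Blanket step is omitted, all function names are hypothetical, and the sample segments are constructed.

```python
import struct
from math import sqrt

def parse_tcp(segment):
    """Decode the fixed 20-byte TCP header into the fields the abstract lists."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    _sp, _dp, seq, ack, off_flags, window, _ck, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    flags = off_flags & 0x3F  # low six bits: URG ACK PSH RST SYN FIN
    return {"seq": seq, "ack": ack, "window": window,
            "syn": (flags >> 1) & 1, "ack_flag": (flags >> 4) & 1}

def extract(capture):
    """capture: [(timestamp, tcp_bytes), ...] in arrival order -> feature rows."""
    rows, prev = [], None
    for ts, raw in capture:
        row = parse_tcp(raw)
        # "event" feature: time between neighbouring segments
        row["gap"] = 0.0 if prev is None else ts - prev
        rows.append(row)
        prev = ts
    return rows

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sx = sqrt(sum((x - mx) ** 2 for x in xs))
    sy = sqrt(sum((y - my) ** 2 for y in ys))
    if sx == 0 or sy == 0:
        return 0.0  # a constant column says nothing about the class
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (sx * sy)

def rank(rows, labels):
    """Score each feature by |r| against the class label, strongest first."""
    scores = {k: abs(pearson([r[k] for r in rows], labels)) for k in rows[0]}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def seg(seq, ack, flags, window):  # helper that builds the constructed samples
    return struct.pack("!HHIIHHHH", 40000, 80, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

# Constructed sample traffic (not from the paper): an established flow
# labelled normal and a rapid run of SYN-only segments labelled abnormal.
NORMAL = [(0.05 * i, seg(1000 + 100 * i, 5000, 0x10, 29200)) for i in range(4)]
ABNORMAL = [(0.001 * i, seg(7 * i + 1, 0, 0x02, 1024)) for i in range(4)]
ROWS = extract(NORMAL) + extract(ABNORMAL)
LABELS = [0] * 4 + [1] * 4  # 0 = normal, 1 = abnormal

if __name__ == "__main__":
    for name, score in rank(ROWS, LABELS):
        print(f"{name:9s} {score:.3f}")
```

A feature subset is then chosen by keeping the columns whose score clears a threshold; the threshold value is a tuning choice the abstract does not state.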