2.3 RELATED WORKS
Jakrarin Therdphapiyanak et al.[km7] (2013) determined the appropriate number of clusters and the proper amount of entries for applying K-means clustering to a TCPdump data set using the Apache Mahout/Hadoop framework. They report the results of the experiments as a graph of accuracy rate against the number of initial clusters (K), a ROC curve, and a table of detection rate and false alarm rate.
Bharanidharan Shanmugam et al.[km4] (2009) propose a hybrid model based on improved fuzzy and data mining techniques, which can detect both misuse and anomaly attacks. The aim of their research is to reduce the amount of data retained for processing (i.e., the attribute selection process) and to improve the detection rate of the existing IDS using data mining techniques. They then use an improved Kuok fuzzy data mining algorithm, which is in turn a modified version of the APRIORI algorithm, to implement fuzzy rules, which allows them to construct if-then rules that reflect common ways of describing security attacks.
Gautam Singaraju et al.[km6] (2004) propose a Testbed for evaluating Intrusion Detection Systems (TIDeS), which allows a user to select the best IDS for a specific customized environment. TIDeS provides a quantitative analysis, using fuzzy logic, under varying network loads. They also propose robust metrics to evaluate an IDS and follow up with recommendations, based on their experience, on the general practices in the field of IDSs.
Monita Wahengbam et al.[km5] (200) analyze some security attacks on MANETs and propose to identify the attack by using an Intrusion Detection System (IDS). The proposed IDS uses fuzzy logic to detect malicious behavior and identify the attacks.
Yanxin Wang et al.[km2] (2004) extend kernel methods to the intrusion detection domain by introducing a new family of kernels suitable for intrusion detection. These kernels, combined with an unsupervised learning method (the one-class Support Vector Machine), are used for anomaly detection. Their experiments show that the new anomaly detection methods are able to achieve better accuracy rates than the conventional anomaly detectors.
K.S.Sujatha, Vydeki Dharmara, and R.S.Bhuvaneswaran[1] (2012) proposed an intrusion detection system based on a Genetic Algorithm, which analyses the behaviour of every node and provides details about the attack by using features of AODV such as Request Forwarding Rate, Reply Receive Rate and many more.
Yuteng Guo et al.[2] (2010) proposed a new Feature Selection method based on Rough Sets and Genetic Algorithms for Network Intrusion Detection. The features are first filtered using Rough Sets theory; then, within the remaining feature subset, the optimal subset is found through a Genetic Algorithm improved with a Population Clustering approach, which optimised results.
Jaydip Sen et al.[10] (2011) proposed a mechanism and demonstrated its effectiveness in detecting the attack while maintaining a reasonable level of throughput in the network. The paper describes and discusses routing security issues in MANETs such as the cooperative blackhole attack, and proposes a security protocol that can be utilised to detect multiple blackhole nodes in a MANET and thereby identify a secure routing path from a source node to a destination.
Dong Seong Kim et al.[7] (2005) propose using a Genetic Algorithm (GA) to improve a Support Vector Machine (SVM) based Intrusion Detection System (IDS). They combine GA and SVM to enhance the overall performance of the SVM-based IDS, and report results from several experiments on the KDD 1999 intrusion detection system competition dataset.
Wang Yunwu [4] (2010) proposed a fuzzy-based Genetic Algorithm approach which takes its initial rules from a fuzzy algorithm and then derives its final rules with a Genetic Algorithm to detect an intrusion.
Elizabeth M. Royer [3] (1999) examines routing protocols for ad hoc networks and evaluates these protocols based on a given set of parameters. The article provides an overview of eight different protocols by presenting their characteristics and functionality, and then provides a comparison and discussion of their respective merits and drawbacks.
M. Amaresh [8] (2013) proposed a technique in which each node dynamically estimates, during communication, the trust value and energy value it holds for each neighbour. The trust value and energy value are added to calculate a new root value, which is maintained in every neighbour table. Using the root value, trusted routes are established by two methods, single value routing and multiple value routing, and the malicious nodes in the network are detected. The technique only considers the black hole attack, which can easily interrupt the communication path.
M.Padmadas et al.[5] (2013) propose a methodology to overcome all the weaknesses of single-layer intrusion detection. Their work proposes a layered approach for intrusion detection based on a genetic algorithm. In that approach, however, there is no mathematical method for calculating filter parameters for DOS, R2L and U2R attacks, so a new genetic-algorithm-based approach is presented for calculating those parameters to make the system more secure.
R.Sridevi and Dr.Rajan Chattemvelli[9] (2012) proposed to investigate the efficacy of genetic search methods for feature selection and of an immune system for classifying threats and non-threats.
2.3.1 THE TABLE BELOW SHOWS THE FINDINGS AND RESEARCH GAP FOR THE PAPERS
s/n | Author's name(s) | Year of Publication | Tool/Technique | Routing Protocol | Findings | Limitations
10 | K.S.Sujatha, Vydeki Dharmar and R.S.Bhuvaneswaran [1] | 2012 | NS-2/MATLAB | AODV | detection of intrusion / packet dropping | does not isolate the malicious node and classify the type of the attack as whether blackhole, grayhole etc.
11 | Yuteng Guo et al. [2] | 2010 | KDD | - | improves the accuracy and efficiency in Network Intrusion Detection | need for mathematical formulas for crossover rate & mutation rate to design more reasonable experimental parameters
12 | Wang Yunwu [4] | 2009 | GA/Fuzzy logic | TCP/IP | gets high performance by using fewer fuzzy rules to achieve a certain high rate of recognition, even classification | does not isolate the malicious node and classify the type of the attack as whether blackhole, grayhole etc.
13 | M.Padmadas [5] | 2013 | GA | - | proposes a methodology to overcome all the weaknesses of single-layer intrusion detection | no mathematical method for finding the values for filter parameters for DOS, R2L, U2R attacks
14 | Tie-Jun Zhou, Li Yang [6] | 2008 | NS-2, GA and Neural Network | - | detection using improved GA performs better on the detection efficiency and false alarm rate | network structure needs to be optimised so as to reduce underreporting and improve accuracy
15 | R.Sridevi and Dr.Rajan Chattemvelli [9] | 2012 | KDD99, GA | - | able to detect intrusion with efficiency | fails to isolate the malicious node
16 | M. Amaresh and G. Usha [8] | 2013 | NS-2 | AODV | able to detect both black and gray hole attacks | detection only based on number of packets dropped
17 | Jaydip Sen [11] | 2011 | NS-2 | AODV | detection of attack while maintaining a reasonable level of throughput in the network | fails to defend against other attacks like resource consumption attack and packet dropping attack etc.
2.3.2 RESEARCH GAP
✤ According to the survey of the various works, the major gap is that the systems detect intrusion but do not isolate the malicious node and classify the type of the attack as whether black hole or gray hole etc.
2.5 RESEARCH GAP
✤ Apart from being time consuming, some need more iterations
✤ A lot of parameters (region, status of education, wealth index, current age and contraception) were used
✤ It takes a long time to train, cross-validate, test and predict the IVF success rate.
✤ It is very complex, as it needs 6 hidden layers
✤ It is more appropriate for theoretical (scientific) purposes.
2.5 Proposed Work
I propose an approach that utilizes data mining techniques such as neuro-fuzzy and radial basis support vector machine (SVM) to help the IDS attain a higher detection rate. The proposed technique has four major steps:
First, k-means clustering is used to generate different training subsets. Then, based on the obtained training subsets, different neuro-fuzzy models are trained. Then a vector for SVM classification is formed to detect whether an intrusion has happened or not. The KDD Cup 1999 Dataset will be used for demonstration.
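The pipeline outlined above, shown as an added example with scikit-learn; it is not the author's implementation. Because scikit-learn has no neuro-fuzzy model, a small MLPRegressor stands in for each neuro-fuzzy model; the membership-weighted form of the SVM vector, the function names and the constructed two-feature records (used in place of KDD Cup 1999 data) are assumptions.

```python
# Added illustration, not the thesis author's implementation.
import numpy as np
from sklearn.cluster import KMeans
from sklearn.neural_network import MLPRegressor  # stand-in for a neuro-fuzzy model
from sklearn.svm import SVC

def make_constructed_data(n=300, seed=0):
    """Constructed two-feature records (label 1 = attack, 0 = normal);
    the proposed work would use KDD Cup 1999 records instead."""
    rng = np.random.default_rng(seed)
    normal = rng.normal([0.2, 0.2], 0.05, size=(n, 2))
    attack = rng.normal([0.8, 0.7], 0.05, size=(n, 2))
    return np.vstack([normal, attack]), np.r_[np.zeros(n), np.ones(n)]

def fuzzy_membership(X, centers, m=2.0):
    """Fuzzy c-means style membership of every record in every cluster."""
    d = np.linalg.norm(X[:, None, :] - centers[None, :, :], axis=2) + 1e-9
    inv = d ** (-2.0 / (m - 1.0))
    return inv / inv.sum(axis=1, keepdims=True)

def svm_vector(X, km, models):
    """SVM input vector (assumed form): each subset model's output, weighted
    by the record's membership in that model's cluster."""
    outputs = np.column_stack([mdl.predict(X) for mdl in models])
    return outputs * fuzzy_membership(X, km.cluster_centers_)

def fit_pipeline(X, y, k=3, seed=0):
    # k-means splits the training data into k training subsets.
    km = KMeans(n_clusters=k, n_init=10, random_state=seed).fit(X)
    # One model per subset, trained only on that subset's records.
    models = [
        MLPRegressor(hidden_layer_sizes=(8,), max_iter=2000, random_state=seed)
        .fit(X[km.labels_ == j], y[km.labels_ == j])
        for j in range(k)
    ]
    # A radial basis SVM is trained on the vectors to decide intrusion or not.
    svm = SVC(kernel="rbf", gamma="scale").fit(svm_vector(X, km, models), y)
    return km, models, svm

def detect(X, km, models, svm):
    """Return 1 for records classified as intrusion, 0 otherwise."""
    return svm.predict(svm_vector(X, km, models))

if __name__ == "__main__":
    X, y = make_constructed_data()
    fitted = fit_pipeline(X, y)
    X_new, y_new = make_constructed_data(n=50, seed=1)
    print("held-out accuracy:", (detect(X_new, *fitted) == y_new).mean())
```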
Proposed Architecture