International Journal on Recent and Innovation Trends in Computing and Communication, ISSN 2321 – 8169, Volume: 1 Issue: 8, 645 – 651
IJRITCC | AUG 2013, Available @ http://www.ijritcc.org

Analyze Different approaches for IDS using KDD 99 Data Set

Mr. Kamlesh Lahre, Asst. Professor, CSE Dept., Dr. C.V. Raman University, Bilaspur (C.G.), India, lahrekamlesh@gmail.com
Mr. Tarun dhar Diwan, Asst. Professor, CSE Dept., Dr. C.V. Raman University, Bilaspur (C.G.), India, taruncsit@gmail.com
Suresh Kumar Kashyap, M.Tech Research scholar, Dr. C.V. Raman University, Bilaspur (C.G.), India, s3.kashyap@gmail.com
Pooja Agrawal, Asst. Professor, I.T. Dept., Dr. C.V. Raman University, Bilaspur (C.G.), India

Abstract: Network security, that is, the integrity, confidentiality, and availability of the network, is one of the challenging issues, and so is the Intrusion Detection System (IDS). An IDS is an essential component of a network that is to be secured. Intrusion detection is the process of monitoring and analyzing the events occurring in a computer system in order to detect signs of security problems. Intrusion detection includes identifying a set of malicious actions that compromise information resources. Traditional methods for intrusion detection are based on extensive knowledge of signatures of known attacks. In the last three years, the networking revolution has finally come of age. More than ever before, we see that the Internet is changing computing as we know it. The possibilities and opportunities are limitless; unfortunately, so too are the risks and chances of malicious intrusions. There are two primary methods of monitoring: signature-based and anomaly-based. The aim of this paper is to analyze different approaches to IDS. Some approaches belong to the supervised method and some to the unsupervised method.
Keywords: Firewall, IDS, AI, anomaly & misuse, DOS, R2L, NID.

I. INTRODUCTION

Computer security can be very complex and may be very confusing to many people. It can even be a controversial subject. Network administrators like to believe that their network is secure, and those who break into networks may like to believe that they can break into any network. Intrusion detection is therefore needed as another wall to protect computer systems.

The elements central to intrusion detection are: resources to be protected in a target system, i.e., user accounts, file systems, system kernels, etc.; models that characterize the "normal" or "legitimate" behavior of these resources; and techniques that compare the actual system activities with the established models and identify those that are "abnormal" or "intrusive".

It is very important that the security mechanisms of a system are designed so as to prevent unauthorized access to system resources and data. However, completely preventing breaches of security appears, at present, unrealistic. We can, however, try to detect these intrusion attempts so that action may be taken to repair the damage later. This field of research is called Intrusion Detection.

While often regarded as grossly experimental, the field of intrusion detection has matured a great deal, to the point where it has secured a space in the network defense landscape alongside firewalls and virus protection systems. While the actual implementations tend to be fairly complex, and often proprietary, the concept behind intrusion detection is a surprisingly simple one: inspect all network activity (both inbound and outbound) and identify suspicious patterns that could be evidence of a network or system attack.
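The elements named in the introduction (a model of "normal" behavior and a technique that compares observed activity with it) can be sketched as follows. This is an added example, not code from the paper: the records are constructed, the field names follow KDD 99 connection features, and the per-feature mean/standard-deviation model with a 3-sigma threshold is an assumption chosen for illustration.

```python
# Added illustration (not from the paper). Records are constructed; the field
# names follow KDD 99 connection features. The 3-sigma threshold is an assumption.
from statistics import mean, pstdev

FEATURES = ("duration", "src_bytes", "dst_bytes", "count", "serror_rate")

# Constructed "legitimate" connections used to learn the model of normal behavior.
NORMAL = [
    (0, 200, 4500, 3, 0.0), (0, 180, 3800, 5, 0.0), (1, 240, 5200, 2, 0.1),
    (0, 220, 4100, 4, 0.0), (2, 260, 4900, 6, 0.0), (0, 210, 4300, 3, 0.0),
    (1, 230, 4700, 4, 0.1), (0, 190, 4000, 5, 0.0),
]

# Constructed observations to compare against the model.
OBSERVED = {
    "ordinary":        (1, 225, 4600, 4, 0.0),
    "half_open_burst": (0, 0, 0, 250, 1.0),       # many connections, all SYN errors
    "large_upload":    (1, 52000, 4300, 4, 0.0),  # atypical outbound volume
}


def build_profile(records):
    """Model of normal behavior: per-feature (mean, standard deviation)."""
    profile = {}
    for i, name in enumerate(FEATURES):
        column = [r[i] for r in records]
        # A feature that never varied gets sigma 1.0 so the division is defined.
        profile[name] = (mean(column), pstdev(column) or 1.0)
    return profile


def deviations(profile, record, threshold=3.0):
    """Compare one record with the model; return {feature: z-score} above threshold."""
    flagged = {}
    for i, name in enumerate(FEATURES):
        mu, sigma = profile[name]
        z = abs(record[i] - mu) / sigma
        if z > threshold:
            flagged[name] = round(z, 1)
    return flagged


def classify(profile, record, threshold=3.0):
    """Label a record 'abnormal' if any feature deviates from the normal model."""
    return "abnormal" if deviations(profile, record, threshold) else "normal"


if __name__ == "__main__":
    model = build_profile(NORMAL)
    for label, rec in OBSERVED.items():
        print(label, classify(model, rec), deviations(model, rec))
```

The list of flagged features tells an analyst which resource use was atypical, which is more useful for triage than the bare label.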
Classification of Intrusion

Intrusions can be divided into 6 main types:
1. Attempted break-ins, which are detected by atypical behavior profiles or violations of security constraints.
2. Masquerade attacks, which are detected by atypical behavior profiles or violations of security constraints.
3. Penetration of the security control system, which is detected by monitoring for specific patterns of activity.
4. Leakage, which is detected by atypical use of system resources.
5. Denial of service, which is detected by atypical use of system resources.
6. Malicious use, which is detected by atypical behavior profiles, violations of security constraints, or use of special privileges.

II. TYPES OF TECHNIQUES OF INTRUSION DETECTION SYSTEM

We can divide the techniques of intrusion detection into two main types.