IJSRD - International Journal for Scientific Research & Development | Vol. 1, Issue 5, 2013 | ISSN (online): 2321-0613
All rights reserved by www.ijsrd.com

A Survey of Various Intrusion Detection Systems

Nitin Namdev¹, Prof. Ravindra Kumar Gupta², Dr. Shailendra Singh³
¹,²,³ SSSIST Sehore

Abstract: In this paper, we present an overview of existing intrusion detection techniques. All these algorithms are described more or less on their own. Intrusion detection is a very popular and computationally expensive task. We also explain the fundamentals of intrusion detection systems. We describe today's approaches to intrusion detection. From the broad variety of efficient techniques that have been developed, we compare the most important ones. We systematize the techniques and analyze their performance based on both their run-time performance and theoretical considerations. Their strengths and weaknesses are also investigated. It turns out that the behavior of the algorithms is much more similar than expected.

I. INTRODUCTION

Today, everyone uses the Internet to communicate. The Internet is not limited to web mail and chat but extends to education, business, media and many more fields. Day by day, we are becoming more and more dependent on the Internet, which makes our lives easier. It is changing our way of communication, our mode of business and even everyday life. The question is whether it is safe to handle everything over the Internet, and whether it is secure enough. The answer is 'no': we are not fully safe using the Internet, because as the Internet grows, the number of attacks also increases.

The concept of intrusion detection was introduced by James Anderson in 1980 [5], who defined an intrusion attempt or threat to be the potential possibility of a deliberate unauthorized attempt to access information, manipulate information, or render a system unreliable or unusable. Attention turned to using data mining in the context of NIDS in the late 1990s. Researchers suddenly recognized the need for a standardized dataset to train IDS tools.

The Minnesota Intrusion Detection System (MINDS) combines a signature-based tool with data mining techniques. The signature-based tool (Snort) is used for misuse detection, and data mining is used for anomaly detection.

II. LITERATURE SURVEY

In [6], Jake Ryan et al applied neural networks to detect intrusions. A neural network can be used to learn a print (user behavior) and identify each user. If the behavior does not match, the system administrator can be alerted. A back-propagation neural network called NNID was trained for this process.

Denning D.E et al [7] developed a model for monitoring audit records for abnormal activities in the system. Sequential rules are used to capture a user's behavior [8] over time. A rule base stores patterns of users' activities, and an anomaly is reported when activity deviates significantly from the patterns specified in the rules. High-quality sequential patterns are automatically generated using inductive generalization, and lower-quality patterns are eliminated.

An automated strategy is used for the generation of fuzzy rules, which are obtained from definite rules using frequent items. The developed system [9] achieved higher precision in identifying whether records are normal or attack records.

Dewan M et al [10] present an alert classification to reduce false positives in IDS using an improved self-adaptive Bayesian algorithm (ISABA). It is applied to the security domain of anomaly-based network intrusion detection.

S.Sathyabama et al [11] used clustering techniques to group users' behavior together depending on similarity, and to detect differing behaviors, which are specified as outliers.

Amir Azimi Alasti et al [12] formalized SOM to classify IDS alerts in order to reduce false positive alerts. Alert filtering and cluster merging algorithms are used to improve the accuracy of the system. SOM is used to find correlations between alerts.

Alan Bivens et al [13] developed a NIDS using classifying self-organizing maps for data clustering. An MLP neural network is an efficient way of creating uniform, grouped input for detection when a dynamic number of inputs is present.

An ensemble approach [14] helps to indirectly combine the synergistic and complementary features of the different learning paradigms without any complex hybridization. The ensemble approach outperforms SVMs, MARs and ANNs. SVMs outperform MARs and ANNs with respect to scalability, training time, running time and prediction accuracy.

The paper [15] focuses on dimensionality reduction using feature selection. The rough set support vector machine (RSSVM) approach deploys Johnson's algorithm and the genetic algorithm of rough set theory to find the reduct sets, which are sent to the SVM to identify any type of new behavior as either normal or attack.

Aly Ei-Senary et al [16] used a data miner to integrate the Apriori and Kuok's algorithms to produce fuzzy logic rules that capture features of interest in network traffic.

Taeshik Shon et al [17] proposed an enhanced SVM framework for detecting and classifying novel attacks in network traffic. The overall framework consists of an enhanced SVM-based anomaly detection engine and its supplementary components, such as packet profiling using SOFM, packet filtering using PTF, field selection using a genetic algorithm, and packet flow-based data preprocessing. SOFM clustering was used for normal profiling. The SVM approach provides a false positive rate similar to that of real NIDSs.

In this paper [18] genetic algorithm can be effectively used for formulation of
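
The hybrid design described in the introduction for MINDS (a signature stage for misuse detection followed by a data-mining stage for anomaly detection, the latter also reflecting the outlier notion in [11]), shown as an added example that is not from the paper, MINDS or Snort. The flows, the signature name and pattern, and the k-nearest-neighbour outlier score with its threshold are all assumptions of this example.

```python
import math

# Constructed sample flows (not real traffic):
# (id, bytes, duration_s, distinct destination ports, payload)
FLOWS = [
    ("f1", 1200, 1.0, 1, "GET /index.html"),
    ("f2", 1500, 1.2, 1, "GET /about.html"),
    ("f3", 1100, 0.9, 1, "GET /img/logo.png"),
    ("f4", 1300, 1.1, 2, "GET /news.html"),
    ("f5", 1400, 1.0, 1, "GET /../../etc/passwd"),
    ("f6", 900000, 45.0, 1, "POST /upload"),
    ("f7", 1250, 1.0, 1, "GET /contact.html"),
    ("f8", 600, 0.3, 60, ""),
]
# Constructed stand-in for a Snort-style content rule (hypothetical name and pattern).
SIGNATURES = {"SIG-TRAVERSAL": "../"}
K = 2            # neighbours considered (assumed)
THRESHOLD = 1.0  # log10 units: one order of magnitude from its neighbours (assumed)

def misuse_hits(flows):
    """Misuse stage: map flow id -> name of the first signature found in its payload."""
    hits = {}
    for fid, _, _, _, payload in flows:
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                hits[fid] = name
                break
    return hits

def features(flow):
    """Log-scaled numeric features so raw byte counts do not dominate the distance."""
    _, nbytes, duration, ports, _ = flow
    return (math.log10(nbytes), math.log10(duration + 1), math.log10(ports))

def anomaly_scores(flows):
    """Anomaly stage: score of a flow = distance to its K-th nearest other flow."""
    vecs = {f[0]: features(f) for f in flows}
    scores = {}
    for fid, v in vecs.items():
        dists = sorted(math.dist(v, w) for other, w in vecs.items() if other != fid)
        scores[fid] = dists[K - 1]
    return scores

def detect(flows):
    """Hybrid pass: signatures first, then outlier scoring on the unmatched flows."""
    hits = misuse_hits(flows)
    rest = [f for f in flows if f[0] not in hits]
    scores = anomaly_scores(rest)
    return hits, sorted(fid for fid, s in scores.items() if s > THRESHOLD)

if __name__ == "__main__":
    print(detect(FLOWS))
```

The signature stage catches only the flow whose payload matches a known pattern, while the bulk transfer and the many-port flow carry no signature and surface only through the outlier score.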