International OPEN ACCESS Journal Of Modern Engineering Research (IJMER)
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss. 8 | Aug. 2014 | 70 |

Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of Network Intrusion Detection

J. Uthayakumar¹, D. Nivetha², D. Vinotha³, M. Vasanthi⁴
¹ Apollo Computer Education, Puducherry, India
²,³,⁴ Department of CSE, Sri Manakula Vinayagar Engineering College, Puducherry, India

I. INTRODUCTION

In today's information system management, large-scale data clustering and classification have become an increasingly important and challenging area. As a particular application area, Intrusion Detection Systems (IDSs) are designed to defend computer systems from various cyber attacks and computer viruses. There are two primary assumptions in the research of intrusion detection: (1) user and program activities are observable by computer systems and (2) normal and intrusion activities must have distinct behaviors.

1.1 Data-mining based approaches for IDSs

Researchers have proposed and implemented various models that define different measures of system behavior. Because frequently updating current IDSs by manual encoding is an energy- and time-consuming job for security experts, data mining approaches to network intrusion detection give IDSs an opportunity to learn the behaviors of networks automatically by analyzing the data trails of their activities. There are two key advantages of using a data mining approach to IDSs:
(1) It can be used to automatically generate the detection models for IDSs, so that new attacks can be detected automatically as well.
(2) It is general, so it can be used to build IDSs for a wide variety of computing environments.

The central theme of data mining approaches is to take a data-centric point of view and consider intrusion detection as an analysis process. This includes four essential steps:
(1) Capturing packets transferred on the network.
(2) Extracting an extensive set of features that can describe a network connection or a host session.
(3) Learning a model that can accurately describe the behavior of abnormal and normal activities by applying data mining activities.
(4) Detecting the intrusions by using the learnt models.

We assume that Steps (1) and (2) have been developed and are already available for the further training and testing phases. Step (3) in data mining is, in general, carried out by classification, link analysis, and sequence analysis. In the rest of the paper, we will use SVM to denote either the concept or the algorithm when there is no confusion.

Abstract: Numerous studies on intrusion detection have widely applied data mining techniques to find useful knowledge automatically from a large number of databases, while few studies have proposed classification data mining approaches. In an actual risk assessment process, the discovery of intrusion detection prediction knowledge from experts is still regarded as an important task because experts’ predictions depend on their subjectivity. Traditional statistical techniques and artificial intelligence techniques are commonly used to solve this classification decision-making problem. This paper proposes an Ant-Miner based data mining method for discovering network intrusion detection rules from a large dataset. The results of this experiment clearly show that Ant-Miner is superior to ID3, J48, ADTree, BFTree and SimpleCart. Although different classification models have been developed for network intrusion detection, each of them has its strengths and weaknesses, including the most commonly applied Support Vector Machine (SVM) method and the clustering based on Self Organized Ant Colony Network (CSOACN). Our algorithm is implemented and evaluated using the standard benchmark KDD99 dataset. Experiments show that the Ant-Miner algorithm outperforms other methods in terms of both classification rate and accuracy.
Keywords: Intrusion Detection, Ant-miner, Artificial Intelligence, Cross validation
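
Steps (3) and (4) of the process in Section 1.1, as an added example that is not code from the paper: an ordered IF-THEN rule list is learnt from labelled connection records and then used to classify new ones. It keeps the sequential-covering loop and the sensitivity × specificity rule quality that Ant-Miner uses, but as an assumption for brevity it replaces the pheromone-guided ant search with a greedy, deterministic choice of single-term rules. The records are constructed and only borrow KDD99 feature and label names.

```python
from collections import Counter
FEATURES = ("protocol_type", "service", "flag")  # KDD99 categorical features
# Constructed records (not real KDD99 rows): three feature values plus a label.
TRAIN = [
    ("tcp", "http", "SF", "normal"), ("tcp", "http", "SF", "normal"),
    ("tcp", "smtp", "SF", "normal"), ("udp", "domain_u", "SF", "normal"),
    ("tcp", "private", "S0", "neptune"), ("tcp", "private", "S0", "neptune"),
    ("tcp", "http", "S0", "neptune"), ("icmp", "ecr_i", "SF", "smurf"),
    ("icmp", "ecr_i", "SF", "smurf"), ("tcp", "http", "REJ", "normal"),
]

def covers(rule, rec):
    """rule maps an index into FEATURES to a required value; all terms must match."""
    return all(rec[i] == v for i, v in rule.items())

def quality(rule, label, data):
    """Q = sensitivity * specificity (the rule-quality measure Ant-Miner uses)."""
    tp = sum(covers(rule, r) and r[-1] == label for r in data)
    fp = sum(covers(rule, r) and r[-1] != label for r in data)
    fn = sum(not covers(rule, r) and r[-1] == label for r in data)
    tn = len(data) - tp - fp - fn
    if tp + fn == 0 or fp + tn == 0:   # only one class left: nothing to separate
        return 0.0
    return tp / (tp + fn) * tn / (fp + tn)

def learn_rules(data):
    """Step (3): sequential covering; greedy choice stands in for the ant search."""
    remaining, rules = list(data), []
    while remaining:
        best_q, best_rule, best_label = 0.0, None, None
        for i in range(len(FEATURES)):
            for value in sorted({r[i] for r in remaining}):
                hits = Counter(r[-1] for r in remaining if r[i] == value)
                label = hits.most_common(1)[0][0]      # majority class of the term
                q = quality({i: value}, label, remaining)
                if q > best_q:
                    best_q, best_rule, best_label = q, {i: value}, label
        if best_rule is None:          # no single term separates the classes
            break
        rules.append((best_rule, best_label))
        remaining = [r for r in remaining if not covers(best_rule, r)]
    default = Counter(r[-1] for r in remaining or data).most_common(1)[0][0]
    return rules, default

def classify(rec, rules, default):
    """Step (4): the first matching rule decides; otherwise the default class."""
    return next((lab for rule, lab in rules if covers(rule, rec)), default)

RULES, DEFAULT = learn_rules(TRAIN)
```

On the constructed records this learns "IF protocol_type = icmp THEN smurf", then "IF flag = S0 THEN neptune", with "normal" as the default class. The first rule labels every ICMP record as smurf, which shows why rules learnt from a small sample need validation on held-out traffic before they are used for detection.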