International OPEN ACCESS Journal Of Modern Engineering Research (IJMER) | IJMER | ISSN: 2249-6645 | www.ijmer.com | Vol. 5 | Iss. 4 | Apr. 2015 | 31 |

Intrusion Detection and Forensics based on decision tree and Association rule mining for Probe attack detection

Harishchandra Maurya 1, Swati Sharma 2
1 M.Tech (C.S) (Assistant Professor, Bhagwant University, Ajmer, India)
2 M.Tech (C.S) (Scholar, Bhagwant University, Ajmer, India)
Department of Computer Sciences and Engineering, Bhagwant University, Ajmer, India

ABSTRACT
This paper presents an approach based on the combination of two techniques, decision trees and association rule mining, for probe attack detection. This approach proves to be better than the traditional approach of generating rules for a fuzzy expert system by clustering methods. Association rule mining is used for selecting the best attributes together, and decision trees for identifying the best parameters together, to create the rules for the fuzzy expert system. The rules for the fuzzy expert system are then generated using association rule mining and decision trees. A decision tree is generated for the dataset and used to find the basic parameters for creating the membership functions of the fuzzy inference system. Membership functions are generated for the probe attack. Based on these rules we have created the fuzzy inference system that is used as an input to the neuro-fuzzy system. The fuzzy inference system is loaded into the neuro-fuzzy toolbox as an input, and the final ANFIS structure is generated as the outcome of the neuro-fuzzy approach. The experiments and evaluations of the proposed method were done with the NSL-KDD intrusion detection dataset. The experimental results show that the proposed approach, based on the combination of decision trees and association rule mining, efficiently detected probe attacks, and that it gives better results for detecting intrusions than other existing methods.

Keywords: Intrusion detection, Forensics, decision tree, Association rule mining, Probe attack.

I. Introduction
Intrusion detection [1] is becoming an increasingly important technology that monitors network traffic and identifies network intrusions such as anomalous network behaviours, unauthorized network access, and malicious attacks on computer systems. There are two general categories of intrusion detection systems (IDSs): misuse detection and anomaly detection. Misuse detection systems detect intruders with known patterns, and anomaly detection systems identify deviations from normal network behaviour and alert on potential unknown attacks. In past years there were only a few intruders, so users could cope with known and unknown attacks fairly easily; in recent years, however, security has become the most serious problem, because intruders keep introducing new varieties of intrusion and users can no longer manage their computer systems and networks properly. Different approaches and algorithms are used to detect attacks. In this paper we propose techniques that can detect network-based attacks using association rule mining [2] and decision trees [3]. Computer forensics [4] has a significant ability to make network infrastructures more integrated and capable of surviving attack. Computer forensics is the use of computer technology in accordance with lawful procedures and criteria. From the viewpoint of the technical analysis of evidence, computer forensics technology is mainly divided into static and dynamic forensics.
Dynamic forensics technology is integrated into firewalls and intrusion detection. Dynamic computer forensics combined with intrusion detection, which can collect reliable evidence in real time when the system is invaded and so complete both the detection of the intrusion and the collection of evidence, has become a research focus of computer forensics.

Decision tree
Decision trees are well-known machine learning techniques. A decision tree is composed of three basic elements: a decision node specifying a test attribute; an edge or branch corresponding to one of the possible values of the test attribute, that is, one of the test outcomes; and a leaf, also called an answer node, which contains the class to which the object belongs. In decision trees, two major phases should be ensured:
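The two steps the abstract chains together, single-attribute association rules to select attributes and a decision tree whose decision nodes, branches and leaves yield if/then rules, are shown end to end in the following added example. It is not the paper's code: the connection records are constructed (the field names duration, src_bytes, count and diff_srv_rate follow the NSL-KDD feature names, the values and labels are made up), the medians used to bin attributes into items, the support and confidence thresholds, and the information-gain splitting are this example's choices, and it stops at crisp rules rather than the membership functions and ANFIS structure the paper builds from them.

```python
"""Added example (not from the paper): pick attributes with single-item association rules,
grow an information-gain decision tree on constructed NSL-KDD-style records, and read
each root-to-leaf path out as an IF ... THEN rule for a probe/normal rule base."""
import math
from collections import Counter

# Constructed sample records (values and labels made up; field names follow NSL-KDD).
# A probe touches many services on a host in a short window, so diff_srv_rate and
# count tend to be high; duration and src_bytes are deliberately noisy here.
RECORDS = [
    {"duration": 0,  "src_bytes": 0,    "count": 120, "diff_srv_rate": 0.9, "label": "probe"},
    {"duration": 0,  "src_bytes": 0,    "count": 150, "diff_srv_rate": 0.8, "label": "probe"},
    {"duration": 0,  "src_bytes": 44,   "count": 10,  "diff_srv_rate": 0.7, "label": "probe"},
    {"duration": 1,  "src_bytes": 0,    "count": 200, "diff_srv_rate": 1.0, "label": "probe"},
    {"duration": 0,  "src_bytes": 8,    "count": 250, "diff_srv_rate": 0.1, "label": "probe"},
    {"duration": 12, "src_bytes": 1032, "count": 3,   "diff_srv_rate": 0.0, "label": "normal"},
    {"duration": 5,  "src_bytes": 520,  "count": 8,   "diff_srv_rate": 0.1, "label": "normal"},
    {"duration": 0,  "src_bytes": 0,    "count": 2,   "diff_srv_rate": 0.0, "label": "normal"},
    {"duration": 30, "src_bytes": 2400, "count": 12,  "diff_srv_rate": 0.2, "label": "normal"},
    {"duration": 0,  "src_bytes": 0,    "count": 120, "diff_srv_rate": 0.1, "label": "normal"},
]
ATTRIBUTES = ["duration", "src_bytes", "count", "diff_srv_rate"]


def discretize(records, attributes):
    """Bin each numeric attribute into a 'low'/'high' item at its upper median (example choice)."""
    medians = {a: sorted(r[a] for r in records)[len(records) // 2] for a in attributes}
    return [dict({a: "high" if r[a] >= medians[a] else "low" for a in attributes}, label=r["label"])
            for r in records]


def mine_rules(records, attributes, target="probe", min_support=0.3, min_confidence=0.8):
    """Association rules {attr=value} -> label=target as (attr, value, support, confidence)."""
    items, n, rules = discretize(records, attributes), len(records), []
    for a in attributes:
        for v in ("low", "high"):
            antecedent = sum(1 for it in items if it[a] == v)
            both = sum(1 for it in items if it[a] == v and it["label"] == target)
            if antecedent and both / n >= min_support and both / antecedent >= min_confidence:
                rules.append((a, v, both / n, both / antecedent))
    return rules


def entropy(records):
    total = len(records)
    return -sum(c / total * math.log2(c / total) for c in Counter(r["label"] for r in records).values())


def best_split(records, attributes):
    """(attribute, threshold, gain) of the binary test 'attribute <= threshold' with most information gain."""
    base, best = entropy(records), (None, None, 0.0)
    for a in attributes:
        values = sorted({r[a] for r in records})
        for lo, hi in zip(values, values[1:]):          # candidate thresholds: midpoints between values
            t = (lo + hi) / 2
            left = [r for r in records if r[a] <= t]
            right = [r for r in records if r[a] > t]
            gain = base - (len(left) * entropy(left) + len(right) * entropy(right)) / len(records)
            if gain > best[2]:
                best = (a, t, gain)
    return best


def grow_tree(records, attributes, max_depth=4):
    """Decision node = {'attribute', 'threshold', 'yes', 'no'}; leaf (answer node) = {'leaf': class}."""
    labels = Counter(r["label"] for r in records)
    attribute, threshold, _ = best_split(records, attributes) if len(labels) > 1 and max_depth else (None, None, 0)
    if attribute is None:                                # pure, depth exhausted, or no useful split
        return {"leaf": labels.most_common(1)[0][0]}
    return {"attribute": attribute, "threshold": threshold,
            "yes": grow_tree([r for r in records if r[attribute] <= threshold], attributes, max_depth - 1),
            "no": grow_tree([r for r in records if r[attribute] > threshold], attributes, max_depth - 1)}


def classify(tree, record):
    """Follow the branch matching each test attribute's value down to an answer node."""
    while "leaf" not in tree:
        tree = tree["yes"] if record[tree["attribute"]] <= tree["threshold"] else tree["no"]
    return tree["leaf"]


def extract_rules(tree, conditions=()):
    """Every root-to-leaf path becomes one rule: ((attr, op, threshold), ...) -> class."""
    if "leaf" in tree:
        return [(conditions, tree["leaf"])]
    a, t = tree["attribute"], tree["threshold"]
    return (extract_rules(tree["yes"], conditions + ((a, "<=", t),))
            + extract_rules(tree["no"], conditions + ((a, ">", t),)))


def run_pipeline(records=RECORDS, attributes=ATTRIBUTES):
    """Attributes that appear in a strong rule are kept; the tree is grown on those only."""
    rules = mine_rules(records, attributes)
    selected = [a for a in attributes if any(r[0] == a for r in rules)]
    return rules, selected, grow_tree(records, selected)


if __name__ == "__main__":
    rules, selected, tree = run_pipeline()
    print("association rules:", rules)
    print("selected attributes:", selected)
    for conds, label in extract_rules(tree):
        print("IF " + " AND ".join(f"{a} {op} {t:g}" for a, op, t in conds) + f" THEN {label}")
```

On this constructed data the rule miner drops duration and src_bytes (their strongest rule has confidence 0.6 or less) and keeps count and diff_srv_rate; the tree then tests diff_srv_rate at the root and count on the low-diff_srv_rate branch, producing three rules, with the thresholds being the kind of parameters the paper reads off its tree to shape membership functions. Whether such thresholds generalise is exactly what the NSL-KDD evaluation has to establish; here they are fitted to ten hand-made records.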