International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 05 | May-2017 www.irjet.net p-ISSN: 2395-0072
© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 1780
Survey on Intrusion Detection System using Data Mining Techniques
Atmaja Sahasrabuddhe¹, Sonali Naikade², Akshaya Ramaswamy³, Burhan Sadliwala⁴, Prof. Dr. Pravin Futane⁵
¹,²,³,⁴ Dept. of Computer Engineering, Pimpri Chinchwad College of Engineering, Maharashtra, India.
⁵ Professor, Dept. of Computer Engineering, Pimpri Chinchwad College of Engineering, Maharashtra, India.
Abstract - Intrusion Detection Systems (IDS) have started to become part and parcel of every system, given the growing number of security breaches in the cyber world. A security threat violates the confidentiality and integrity of a system, thereby causing potential financial loss to organizations. Cyber criminals bypass the authentication mechanism and intrude into the system to steal their victims' personal and professional information from the database. One of the most common techniques used for intrusion is the SQL injection attack. This attack is used either to gain unauthorized access to a database or to retrieve information directly from the database. It was ranked third among the top ten database security threats [2]. It is therefore a serious threat to any database-driven website and needs to be detected efficiently. An IDS combined with data mining techniques is one way of detecting intrusions in a system. This paper reviews various types of SQL injection attacks and the data mining techniques used for detection.
Key Words: Database, Data Mining, Intrusion Detection
System, Security, SQL Injection attack.
1. INTRODUCTION
With technological advancement and its easy availability, many people have started adopting technology. Almost every transaction today is done online. This scenario lets cyber criminals pursue their malicious motives. They compromise the security mechanisms of the system and gain unauthorized access, thereby stealing vital data. One of the most common and oldest techniques for gaining unauthorized access is the SQL injection attack. SQL injection attacks are initiated by passing a malicious code fragment to a web application. The web application then combines these unsafe SQL fragments with the proper SQL queries generated by the application, thus creating valid SQL requests. These new, malicious requests cause the database to perform the task the attacker intends [1]. Implementing an intrusion detection system therefore helps the database administrator keep an eye on such intrusions. Whenever there is an intrusion, the IDS detects it and notifies the database administrator. The administrator can then take the necessary action on the detected intrusion. The detection mechanisms in an IDS can be implemented using data mining techniques. The various algorithms in data mining can be used for detection of intrusions.
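The mechanism described above, as an added example that is not part of the original paper: a login query built by string concatenation beside its parameterized form, followed by a structural check that an IDS could apply to observed queries. The table, the function names, the sample inputs and the skeleton comparison (a simple stand-in, not one of the data mining techniques the paper surveys) are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed input: closes the quoted value and appends an always-true clause.
INJECTED = "' OR '1'='1"

def make_db():
    # Constructed sample data (assumption): a tiny in-memory users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def build_unsafe(name, password):
    # Vulnerable: user input becomes part of the SQL text itself.
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_unsafe(db, name, password):
    return [row[0] for row in db.execute(build_unsafe(name, password))]

def login_safe(db, name, password):
    # Hardened: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

def skeleton(sql):
    # Reduce a query to its structure: string and numeric literals become '?'.
    sql = re.sub(r"'(?:[^']|'')*'", "?", sql)
    sql = re.sub(r"\b\d+\b", "?", sql)
    return re.sub(r"\s+", " ", sql).strip().upper()

# Structure of the query the application intends to send.
EXPECTED = skeleton(build_unsafe("x", "y"))

def is_intrusion(sql):
    # Alert when an observed query's structure differs from the intended one.
    return skeleton(sql) != EXPECTED

if __name__ == "__main__":
    db = make_db()
    for pw in ("a-secret", INJECTED):
        sql = build_unsafe("alice", pw)
        print(login_unsafe(db, "alice", pw), login_safe(db, "alice", pw),
              "ALERT" if is_intrusion(sql) else "ok")
```

With the constructed input the concatenated query gains an extra OR clause, so it returns every user and its skeleton no longer matches the intended one, while the parameterized query returns nothing.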
2. INTRUSION DETECTION SYSTEM
An Intrusion Detection System (IDS) is a software application that monitors the system for malicious activities and suspicious transactions. Any such activity that takes place is reported to the database administrator. An IDS works by monitoring system activity: it examines vulnerabilities in the system, checks the integrity of files and conducts an analysis of patterns. It monitors the Internet and searches for any new threats that could result in an attack.
The functions of an IDS are as follows:
1. Monitoring and analyzing both user and system activities.
2. Detecting abnormal activities.
3. Recognizing patterns of attacks.
4. Analyzing system configurations and vulnerabilities.
5. Checking for security policy violations.
Types of IDS:
IDS can be classified in two ways:
i) Based on where the detection takes place.
ii) Based on what detection method is used.
i) Based on where the detection takes place, the intrusion
detection systems are classified as follows [4]:
Network Intrusion Detection System:
A Network Intrusion Detection System (NIDS) is placed at certain points in the network to monitor traffic to and from all the devices in the network. It analyses the network traffic and matches it against a library of known attacks. If an attack is detected, or any abnormal activity is sensed, an alert is sent to the administrator. There are two types of NIDS: on-line and off-line. An on-line NIDS works on the network in real time, whereas an off-line NIDS works with stored data.
Host Intrusion Detection System:
A Host Intrusion Detection System (HIDS) runs on the individual devices in the network. It tracks the incoming and outgoing packets of the device on which it is installed and notifies the administrator if any suspicious