International Journal of Scientific Engineering and Technology, ISSN: 2277-1581
Volume No. 6, Issue No. 7, PP: 216-219, 1 July 2017
DOI: 10.5958/2277-1581.2017.00023.7

Classification and Analysis of Techniques Applied in Intrusion Detection Systems

Calpephore NKIKABAHIZI, Dr Wilson Cheruiyot, Dr Ann Kibe
Department of Information Technology, Jomo Kenyatta University of Agriculture and Technology (JKUAT)
Corresponding Email: traorebrahiman@yahoo.fr

Abstract- Currently, the development of most organizations depends on technology for mining, storing and transacting information. This frequent use of online technologies exposes data to the risk of attacks that compromise the normal activities of systems. To protect against and prevent these attacks, researchers have implemented intrusion detection systems (IDS). Although there are many IDS, attacks are still increasing in different forms. This paper reviews most of the techniques usable in IDS, to help users and security professionals take robust measures by identifying the strengths and weaknesses of each technique. The result of this study shows that the majority of techniques perform well, at a rate of more than 99%.

Key words: Data mining, IDS, normalization

Introduction

Organizations worldwide make decisions based on information at all levels. Information management therefore concentrates on mining knowledge that is useful for developing the organization and its security at every level, from the data layer through the analytical access layer to the medium. This information is vital for organizations, comes from diverse sources, and is shared over online channels. Due to this online profiling, the digital data over the networks have increased marginally (Bilal, 2014). Today, information security is one of the serious problems across a variety of industries, due to the malicious activities of threats that attack systems to steal information or cause incidental damage.
Security mechanisms are very important for detecting intrusive behavior (Sandhu et al., 2011). To monitor malicious activities effectively, it is crucial to use an intrusion detection system (IDS) to monitor network traffic and behavior that is suspicious from a security standpoint. An IDS uses different techniques to detect and prevent intruders. This paper surveys the techniques used for intrusion detection and prevention.

1. Related Works

This section describes some important works related to the survey of techniques used in intrusion detection and prevention.

Beigh (2014) proposed a new classification scheme for intrusion detection systems and the related techniques used to prevent or detect malicious activities. This classification helps users and security professionals know what to do, and how, in their daily work of securing the systems they develop.

Sundus et al. (2015) examined different machine learning techniques that have been proposed for intrusion detection, focusing on hybrid classifier algorithms. Their paper prepares readers, users and security personnel to use hybrid techniques to find relevant solutions to different attacks.

Sandhu et al. (2011) surveyed intrusion detection and prevention. Their work set out the advantages and disadvantages of each technique based on where the systems are deployed.

Deka et al. (2015) presented a comprehensive survey of the methods and systems introduced in earlier research to protect network resources from intrusion, and listed issues and research challenges.

Vijayarani and Sylvia (2015) provided a complete study of IDS methods, life cycle, types of attacks, different tools and techniques, research needs, challenges and applications.

2. Classification and Techniques for Intrusion Detection

IDS are an essential part of the security infrastructure. They are used to detect, identify, alert on and stop intruders.
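
Added illustration, not code from the paper: this section goes on to contrast signature (misuse) detection with anomaly detection and the false positives and false negatives that result. The sketch below runs both over four constructed events; the signature patterns, the request-rate baseline and the event list are assumptions made up for this example.

```python
import re
from statistics import mean, pstdev

# Signature (misuse) detection: stored patterns of known attacks (constructed).
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)union\s+select"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def signature_alerts(request):
    """Names of stored signatures that match the request line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

class AnomalyDetector:
    """Stores normal behaviour (requests/minute) and flags large deviations."""
    def __init__(self, baseline, threshold=3.0):
        self.mu = mean(baseline)
        self.sigma = pstdev(baseline) or 1.0  # avoid dividing by zero
        self.threshold = threshold

    def is_anomalous(self, rate):
        return abs(rate - self.mu) / self.sigma > self.threshold

def outcome(alerted, malicious):
    """Confusion-matrix cell for one detector decision."""
    if alerted:
        return "TP" if malicious else "FP"
    return "FN" if malicious else "TN"

def evaluate(events, detector):
    """Return (event name, signature outcome, anomaly outcome) per event."""
    return [(name,
             outcome(bool(signature_alerts(request)), malicious),
             outcome(detector.is_anomalous(rate), malicious))
            for name, request, rate, malicious in events]

# Constructed sample data: normal request rates, then four labelled events.
BASELINE = [10, 12, 11, 13, 9, 12, 10, 11]
EVENTS = [
    ("normal page view", "GET /index.html", 12, False),
    ("known SQL injection", "GET /item?id=1 UNION SELECT pw FROM users", 11, True),
    ("unseen login flood", "POST /login", 90, True),
    ("benign backup burst", "GET /export/backup.tar", 60, False),
]

if __name__ == "__main__":
    for row in evaluate(EVENTS, AnomalyDetector(BASELINE)):
        print("%-22s signature=%s anomaly=%s" % row)
```

The signature detector misses the unseen login flood (false negative), while the anomaly detector misses the low-rate known attack and alarms on the benign backup burst (false positive).
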
Different authors used techniques according to the issues being solved or prevented. According to Beigh (2014), the classification of IDS depends on anomaly based detection, misuse based IDS, composite, design based and time aspect based IDS, monitoring, architecture based IDS and position of deployment.

Sandhu et al. (2011) explained two types of IDS. The first is the anomaly detection technique, which stores the system's normal behavior, such as kernel information, system log events, network packet information, running software information and operating system information, in a database. An alarm is generated when abnormal behavior occurs that deviates from the system's normal behavior; this can result in either a false positive or a false negative. The second technique is signature detection, or the misuse detection scheme, which stores sequences of patterns and signatures of attacks or intrusions in the database. Once the system matches the signature of an intrusion against a predefined signature already stored in the database, it then generates an alarm.

Hoque, Mukit and Bikas (2012) classified intrusion detection into two main categories: Host Based Intrusion Detection (HIDS), which evaluates information found on a single host system or multiple host systems, including the content of the OS, system and application files, and Network Based Intrusion Detection (NIDS) that