International Journal of Scientific Research and Management (IJSRM)
Volume 5, Issue 06, June 2017, Pages 5582-5587
Website: www.ijsrm.in
ISSN (e): 2321-3418
Index Copernicus value (2015): 57.47
DOI: 10.18535/ijsrm/v5i6.33

Computer Security and Intrusion Detection System - A Data Mining Based Approach

Neetu Anand 1, Tapas Kumar 2
1 Maharaja Surajmal Institute, New Delhi, neetuanand@msi-ggsip.org
2 Lingayas University, Faridabad, Kumartapas534@gmail.com

Abstract - With an increased understanding of how systems work, intruders have become skilled at determining weaknesses in systems and exploiting them to obtain such increased privileges that they can do anything on the system. Intruders also use patterns of intrusion that are difficult to trace and identify. They frequently use several levels of indirection before breaking into target systems and rarely indulge in sudden bursts of suspicious or anomalous activity. They also cover their tracks so that their activity on the penetrated system is not easily discovered. We must have measures in place to detect security breaches, i.e., identify intruders and intrusions. Intrusion detection systems fill this role and usually form the last line of defense in the overall protection scheme of a computer system. They are useful not only in detecting successful breaches of security, but also in monitoring attempts to breach security, which provides important information for timely countermeasures. This paper focuses on how data mining is used for intrusion detection systems.

Keywords: Intrusion Detection, Data Mining, Data Analysis, Denial of Service, Anomaly Detection

I. Introduction

Computer Security and its Role: One broad definition of a secure computer system is given by Garfinkel and Spafford as one that can be depended upon to behave as it is expected to.
The dependence on the expected behavior being the same as the exhibited behavior is referred to as trust in the security of the computer system. The level of trust indicates the confidence in the expected behavior of the computer system. The expected behavior is formalized into the security policy of the computer system and governs the goals that the system must meet. This policy may include functionality requirements if they are necessary for the effective functioning of the computer system.

A narrower definition of computer security is based on the realization of confidentiality, integrity, and availability in a computer system:

Data confidentiality: Data that are being transferred through the network should be accessible only to those that have been properly authorized.

Data integrity: Data should maintain their integrity from the moment they are transmitted to the moment they are actually received. No corruption or data loss is accepted, either from random events or from malicious activity.

Data availability: The network should be resilient to Denial of Service attacks.

By this definition, an unreliable computer system is unsecured if availability is part of its security requirement.

In addition to the well-established intrusion prevention techniques such as data encryption and message integrity, user authentication and user authorization, as well as the avoidance of security flaws inherent to many off-the-shelf applications, intrusion detection techniques can be viewed as an additional safeguard for networked computers. Thus, intrusion detection systems are useful even when strong preventive steps taken to protect computer systems place a high degree of confidence in their security.

II. Literature Reviewed

Eric Bloedorn et al. (2001) suggested data mining techniques to consider and the types of expertise and infrastructure needed for making an IDS.

Wenke Lee et al. (2000) utilized auditing programs to extract an extensive set of features that describe each network connection or host session, and applied data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities. These rules can then be used for misuse detection and anomaly detection. New detection models are incorporated into an existing IDS through a meta-learning (or co-operative learning) process, which produces a meta detection model that combines evidence from multiple models.

Sattarova Feruza Yusufovna (2008) presented the application of a number of data mining techniques that have been proposed towards the enhancement of IDS. It showed how data mining aids the process of intrusion detection and the ways in which the various techniques have been applied and evaluated by researchers. The integration of data mining approaches can contribute significantly to the attempt to create better and more effective intrusion detection systems.

Tao Peng and Wanli Zuo (2005) implemented the architecture of a data mining based NIDS in real time. They analyzed a frequent-pattern mining algorithm that integrates Apriori candidate generation into the FP-growth method. FP-growth adopts a divide-and-conquer strategy that compresses the database representing frequent items into a frequent-pattern tree (FP-tree), and proceeds to mine the FP-tree.

Norbik Bashah et al. (2005) proposed system is a hybrid system that combines anomaly, misuse and host based