www.ijecs.in International Journal Of Engineering And Computer Science ISSN: 2319-7242 Volume 5 Issue 12 Dec. 2016, Page No. 19494-19497 M.Deepa, IJECS Volume 05 Issue 12 Dec., 2016 Page No.19494-19497 Page 19494 A Comparative Study of Perceiving Intrusion Using Data Mining Techniques M.Deepa 1 , Dr.P. Sumitra 2 , 1 Ph.D Research Scholar, Department of Computer Science, Legithasai2010@gmail.com 2 Professor, Department of Computer Science, sumithravaratharajan@gmail.com 1,2 Vivekananda College of Arts and Sciences for Women (Autonomous),Elayampalayam. ABSTRACT: By the rapid development of the computer network during the past few years, the security of information issue comes to be more and more difficult. The Intrusion Detection Systems (IDS) can be used widely for protecting network. Data mining techniques are extensively used, due to some attributes like the scalability, adaptability and validity. This paper focuses on review of the existing intrusion detection system by using data mining techniques and discussing on various disputes in the existing system based on certain classification parameters such as accuracy, detection rate, false alarm etc. Key Terms: Data Mining, Intrusion Detection System, Classification, Clustering. I. INTRODUCTION In recent years, with the terrific growth in networked computer resources, a variety of network-based applications have been developed to provide services in different areas such as ecommerce services, social media services, banking services, government services, etc. These Internet applications need a satisfactory level of security and privacy. On the other hand, the intruder create many vulnerable programs that attacks the various information on the networks .There is an increasing availability of tools and tricks for attacking and intruding networks. Compared with previous protection system, the Intrusion detection System (IDS) has come to be a key factor for the security of the network in the current online world. The data mining approach used in the field of IDS yields an improvement of detection rate, managing the false alarm rate and reduce false positive rate. II. INTRUSION DETECTION SYSTEM The intrusion detection system is an approach that presets the intrusion that are occurred on the network. The intrusion has many types namely viruses, worms, Trojan horse, etc. The foregoing defense system like firewall, virtual private network haven’t a sufficient ability for recognizing critical intrusions from the network. The role of IDS is to trap the hacker’s presence on the network and inform to the network administrator or user of the system and also raises alarms or signals when the security violations are occurred. The figure 1 describes the overall architecture of IDS. Initially the information can be retrieved from the database, which is checked by the firewall. It can be protected by the IDS and sends the information to the corresponding network.IDS plays an important role to secure the network and its main goal is to view the network activities automatically to identify the malicious attacks. Over the years, the researchers and designers have used many techniques to design the IDS. But, there have been limitations exist in present intrusion detection systems. Figure 1: Overall architecture of Intrusion detection system The IDS notices many attacks on the networks like (i) scanning attacks, (ii) denial of service (DOS) attacks, and (iii) penetration attacks. Each of these three categories of computer attacks has distinct signatures and behaviors - to which IDS is designed to analyze, detect and triggers an alarm when encountered. Once an alarm is set, the network administrators has to analyze the logs to decide whether these unexpected activity is indeed anomalous.IDS use either (i) Signature based detection or (ii) anomaly based detection A. Signature based detection A Signature based detection system monitors the network traffic for matches to the signature that is preconfigured and predetermined by the domain experts. Once frequent instances tie with the preconfigured domain then the IDS take the appropriate actions. This type of intrusion detection system can only detect the known threats but the unknown attacks are not identified by this method, and whenever a new software is arrived then this model needs an updating. B.Anomaly based detection The new or unknown threats are identified by an anomaly based detection approach. This method builds a Monitoring entity Data collection Data storage Data processing IDS model Analysis and Detection Security Administrat or Alarm