Copyright © 2018 V. Mala, K. Meena. This is an open access article distributed under the Creative Commons Attribution License, which permits
unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
International Journal of Engineering & Technology, 7 (2.4) (2018) 10-13
International Journal of Engineering & Technology
Website: www.sciencepubco.com/index.php/IJET
Research Paper
Hybrid classification model to detect advanced intrusions using data mining techniques
V. Mala 1*, K. Meena 2
1 Research Scholar, Veltech Rangarajan Dr. Sagunthala R&D Institute Science & Technology, Chennai
2 Associate Professor, Department of Computer Science & Engineering, Veltech Rangarajan Dr. Sagunthala R&D Institute Science & Technology, Chennai
*Corresponding author E-mail: malarajinikanth10@gmail.com
Abstract
The traditional signature-based approach fails to detect advanced malware such as Stuxnet, Flame, and Duqu. Signature-based comparison and correlation are not up to the mark in detecting such attacks. Hence, it is crucial to detect these kinds of attacks as early as possible. In this research, a novel data mining based approach was applied to detect such attacks. The main innovation lies in misuse (signature) detection systems based on a supervised learning algorithm. In the learning phase, labeled examples of network packets and system calls are provided, from which the algorithm can learn about attacks; this is fast and reliable for known attacks. In order to detect advanced attacks, unsupervised learning methodologies were employed to detect the presence of zero-day or new attacks. The main objectives are to review different intruder detection methods and to study the role of data mining techniques used in intruder detection systems. A hybrid classification model is utilized to detect advanced attacks.
Keywords: Data Mining; Hybrid; Stuxnet; Flame; Duqu; Unsupervised Learning.
1. Introduction
Intrusion is defined as a set of actions that attempt to compromise security goals such as reliability, privacy, or accessibility. Networking and computing resources are checked for intrusion. Intrusion detection is the process of identifying and responding to intrusion activities. IDS was first introduced by James Anderson in 1980 [1]. Intrusion detection methods have been used for several years to ensure security in the system. Using intrusion detection methods, one can gather and use information from known types of attacks and discover whether someone is attempting to attack a network or a particular host. The information gathered is used to improve network safety, as well as for authorized functions. Both commercial and open source products are available for this purpose. Many vulnerability assessment tools are also available in the market, which are used to fix various kinds of security holes in a network. A hybrid classification model is used to detect advanced intrusions using data mining techniques. The technique is evaluated with a captured real-time flow and packet dataset, a distributed denial-of-service dataset, and the benchmark intrusion dataset called Knowledge Discovery and Data Mining (KDD).
2. Literature review
Network anomaly detection by cascading K-Means clustering and the C4.5 decision tree algorithm [7] has been used by many researchers in past years. It detects intruders with a high accuracy rate; the drawback of this approach is that it cannot process large datasets. An efficient approach to intrusion detection systems using data mining techniques [2] used hybrid PSO with C4.5, SNORT with ALADLERAD, SVM, and HOPERAA approaches to detect intruders. The advantage of this approach is that it detects intruders with a high accuracy rate; the drawback is that it cannot be applied to real traffic. A design of a hybrid intrusion detection system for computer network safety [8] focuses on a hybrid IDS achieved by consolidating anomaly detection on packet headers and on network traffic. The advantage of this approach is that it detects more attacks than SNORT; the drawback is that it cannot detect behavioral attacks. A hybrid approach to anomalous network traffic detection using data mining techniques [9] focuses on a hybrid IDS that combines the entropy method and an SVM classifier. The advantage of this approach is that network properties are clearly defined; the disadvantage is that it cannot process large data.