Enhanced Naïve Bayes Algorithm for Intrusion Detection in Data Mining

Shyara Taruna R. (1), Mrs. Saroj Hiranwal (2)
(1) Department of CS & E, SBTC, Jaipur, India
(2) Department of Information Technology, SBTC, Jaipur, India

Abstract - Classification is a classic data mining technique based on machine learning. Classification is used to assign each item in a set of data to one of a predefined set of classes or groups. Naïve Bayes is a commonly used supervised classification method that predicts the probability of an item belonging to each class. This paper proposes a new variant of the Naïve Bayes algorithm with which we measure the detection rate and false positive rate on given data. We tested the performance of the proposed algorithm on the KDD99 benchmark network intrusion detection dataset, and the experimental results show that it improves detection rates and reduces false positives for different types of network intrusions.

Keywords: Data Mining, Detection Rate, False Positive, Intrusion Detection, Naïve Bayes Classifier, Network Security.

I. INTRODUCTION

Data Mining [1] is the process of extracting information from large data sets through the use of algorithms and techniques drawn from the fields of Statistics, Machine Learning and Database Management Systems. Intrusion detection systems (IDSs) play a very important role in network security. IDSs are security tools that collect information from a variety of network sources and analyze that information for signs of network intrusions. An IDS can be host-based or network-based [2]. A host-based IDS is located on a server and examines its internal interfaces, while a network-based IDS monitors network packets to discover network intrusions. The success of an IDS can be characterized by both its detection rate (DR) and its false positive rate (FP) for different types of intrusions [3]. This paper presents the scope and status of our research in anomaly detection.
This paper gives a comparative study of several anomaly detection schemes for identifying novel network intrusions. We present experimental results on the KDDCup'99 data set. The experimental results demonstrate that our naïve Bayes classifier model is much more efficient at detecting network intrusions than neural-network-based classification techniques.

II. INTRUSION DETECTION

An Intrusion Detection System (IDS) inspects the activities in a system for suspicious behavior or patterns that may indicate system attack or misuse. An IDS monitors the traffic in a computer network, like a network sniffer, and collects network logs. The collected network logs are then analyzed for rule violations by data mining algorithms. When a rule violation is detected, the IDS alerts the network security administrator or an automated intrusion prevention system (IPS).

Intrusion detection systems can be classified into three types: (i) misuse-based systems, (ii) anomaly-based systems, and (iii) hybrid systems [4]-[9]. A misuse-based IDS uses simple pattern matching to compare observed activity against a database of known attack patterns; it is consistent and produces very few false positives (FP), but its signature rules must be updated regularly and it cannot see attacks that are not already well known. An anomaly-based IDS determines the normal behavior of the system and treats deviations from it as new attacks [10]; it achieves a high detection rate (DR) for both well-known and unknown attacks, but produces many false positives (FP). The rules of an anomaly-based IDS are developed by observing the collected audit data; the audit data produced by the operating system records the system's activities and is logged to a file in chronological order. A hybrid IDS, on the other hand, combines misuse-based and anomaly-based detection techniques.
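As an added illustration of the pipeline just described (a data mining classifier deciding whether a logged connection fits the learned model of normal traffic, and the DR and FP figures used to judge it), the following Python is example code written for this page; it is not the paper's implementation or the authors' method. It trains a categorical naïve Bayes classifier with Laplace smoothing on constructed KDD99-style connection records (the choice of protocol type, service, TCP flag and a discretised "count" bucket as features is an assumption, and every record and attack label below is made up for the example), then computes the detection rate, the false positive rate and the per-attack-type detection rate on a constructed test set that deliberately contains one benign connection that gets flagged and one probe that is indistinguishable from normal traffic.

```python
"""Categorical naive Bayes for normal-vs-attack classification of KDD99-style records."""
import math
from collections import Counter, defaultdict

# Hypothetical feature layout: (protocol_type, service, flag, count_bucket).
# 'count_bucket' stands in for a discretised KDD99 'count' feature (low/mid/high).
FEATURES = ("protocol_type", "service", "flag", "count_bucket")

# Constructed training records: (feature tuple, label). Labels other than
# "normal" are attack names; the classifier only learns normal vs. attack.
TRAIN = [
    (("tcp", "http", "SF", "low"), "normal"),
    (("tcp", "http", "SF", "low"), "normal"),
    (("udp", "domain_u", "SF", "low"), "normal"),
    (("tcp", "smtp", "SF", "low"), "normal"),
    (("tcp", "http", "SF", "mid"), "normal"),
    (("udp", "domain_u", "SF", "low"), "normal"),
    (("icmp", "ecr_i", "SF", "high"), "smurf"),
    (("icmp", "ecr_i", "SF", "high"), "smurf"),
    (("icmp", "ecr_i", "SF", "high"), "smurf"),
    (("tcp", "private", "S0", "high"), "neptune"),
    (("tcp", "private", "S0", "high"), "neptune"),
    (("tcp", "private", "S0", "high"), "neptune"),
    (("icmp", "eco_i", "SF", "low"), "nmap"),
    (("tcp", "private", "REJ", "mid"), "nmap"),
    (("udp", "private", "SF", "mid"), "nmap"),
]

# Constructed held-out records used to measure DR and FP.
TEST = [
    (("tcp", "http", "SF", "low"), "normal"),
    (("udp", "domain_u", "SF", "mid"), "normal"),
    (("tcp", "http", "S0", "high"), "normal"),    # benign but odd: becomes a false positive
    (("icmp", "ecr_i", "SF", "high"), "smurf"),
    (("tcp", "private", "S0", "high"), "neptune"),
    (("icmp", "eco_i", "SF", "low"), "nmap"),
    (("tcp", "private", "REJ", "low"), "nmap"),
    (("tcp", "http", "SF", "low"), "nmap"),       # probe that looks normal: a miss
]


def to_class(label):
    """Collapse attack names to the binary class the classifier learns."""
    return "normal" if label == "normal" else "attack"


class CategoricalNB:
    """Naive Bayes over categorical features with Laplace (add-alpha) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()              # class -> number of records
        self.value_counts = defaultdict(Counter)   # (class, feature index) -> value counts
        self.vocab = defaultdict(set)              # feature index -> values seen in training

    def fit(self, records):
        for x, label in records:
            c = to_class(label)
            self.class_counts[c] += 1
            for i, v in enumerate(x):
                self.value_counts[(c, i)][v] += 1
                self.vocab[i].add(v)
        return self

    def log_posterior(self, x):
        """Unnormalised log P(class) + sum_i log P(x_i | class) for each class."""
        total = sum(self.class_counts.values())
        scores = {}
        for c, n_c in self.class_counts.items():
            s = math.log(n_c / total)
            for i, v in enumerate(x):
                # Smoothing keeps unseen (class, value) pairs from zeroing the product.
                num = self.value_counts[(c, i)][v] + self.alpha
                den = n_c + self.alpha * len(self.vocab[i])
                s += math.log(num / den)
            scores[c] = s
        return scores

    def predict(self, x):
        scores = self.log_posterior(x)
        return max(scores, key=scores.get)


def evaluate(model, records):
    """Detection rate, false positive rate, and per-attack-type detection rate."""
    attacks = hits = normals = false_alarms = 0
    per_type = defaultdict(lambda: [0, 0])   # attack name -> [detected, total]
    for x, label in records:
        pred = model.predict(x)
        if label == "normal":
            normals += 1
            if pred == "attack":
                false_alarms += 1
        else:
            attacks += 1
            per_type[label][1] += 1
            if pred == "attack":
                hits += 1
                per_type[label][0] += 1
    return {
        "detection_rate": hits / attacks,
        "false_positive_rate": false_alarms / normals,
        "per_type_dr": {t: h / n for t, (h, n) in per_type.items()},
    }


if __name__ == "__main__":
    model = CategoricalNB().fit(TRAIN)
    print(evaluate(model, TEST))
```

On this constructed data the classifier detects 4 of 5 attacks (DR 0.8) and raises one false alarm on 3 normal connections (FP rate 1/3): the SYN-flood-like neptune and smurf records are easy, while the nmap probe that reuses a normal-looking HTTP profile is missed and the benign half-open high-count connection is flagged. That is the trade-off the paper measures on KDD99, and the per-type breakdown is why DR is reported per attack category rather than as one number.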
Current adaptive intrusion detection is designed to handle the large volumes of audit data that must be analyzed and to optimize the performance of the inspection rules.

III. NETWORK ATTACKS

The simulated attacks were classified according to the actions and goals of the attacker. Each attack type falls into one of the following four main categories [11]:

Denial-of-Service (DoS) attacks have the goal of limiting or denying the services provided to a user, computer or network. A common tactic is to severely overload the targeted system (e.g. apache, smurf, Neptune, Ping of death, back, mailbomb, udpstorm, SYNflood, etc.).

Probing or Surveillance attacks have the goal of gaining knowledge of the existence or configuration of a computer system or network. Port scans or sweeps of a given IP-address range typically fall in this category (e.g. saint, portsweep, mscan, nmap, etc.).

User-to-Root (U2R) attacks have the goal of gaining root or super-user access on a particular computer or system on which the attacker previously had user-level access. These are attempts by a non-privileged user to gain administrative privileges (e.g. Perl, xterm, etc.).

Shyara Taruna R et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (6), 2013, 960-962, www.ijcsit.com, 960