ISSN (Online): 2320-9801, ISSN (Print): 2320-9798
International Journal of Innovative Research in Computer and Communication Engineering
(An ISO 3297: 2007 Certified Organization)
Vol. 3, Issue 5, May 2015
Copyright to IJIRCCE, DOI: 10.15680/ijircce.2015.0305058, 4402

Architecture of Hybrid Intrusion Detection System using TAN & GA Algorithm

Namita Parati 1, Sumalatha Potteti 2
Assistant Professor, Department of CSE, BRECW, Hyderabad, India 1
Assistant Professor, Department of CSE, BRECW, Hyderabad, India 2

ABSTRACT: With the dramatic development of the Internet, the security of network traffic is becoming a major issue for computer network systems. Attacks on networks are increasing day by day. Many intelligent machine-learning techniques are applied to large volumes of data to construct an efficient intrusion detection system (IDS). Several machine-learning paradigms, including neural networks, linear genetic programming (LGP), support vector machines (SVM), Bayesian networks, multivariate adaptive regression splines (MARS) and fuzzy inference systems (FISs), among others, have been investigated for the design of IDS. This paper presents an overview of intrusion detection systems and a hybrid technique for intrusion detection based on the Tree Augmented Naïve Bayes (TAN) algorithm and a genetic algorithm. The TAN algorithm classifies the dataset into various categories to identify normal and attacked packets, whereas the genetic algorithm is used to generate new data by applying a mutation operation to the existing dataset to produce a new dataset. The algorithm thus classifies the KDD99 benchmark intrusion detection dataset to identify different types of attacks with high detection accuracy. The experimental results also show that the accuracy of detecting attacks is fairly good.

KEYWORDS: Intrusion Detection System (IDS), Data Mining, Classification, Genetic Algorithm, Tree Augmented Naïve Bayes Classifier.

I. INTRODUCTION

In information security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. When intrusion detection takes a preventive measure without direct human intervention, it becomes an intrusion-prevention system. Intrusion detection can be performed manually or automatically. Manual intrusion detection might take place by examining log files or other evidence, including network traffic, for signs of intrusions. A system that performs automated intrusion detection is called an Intrusion Detection System (IDS). An IDS can be either host-based, if it monitors system calls or logs, or network-based, if it monitors the flow of network packets. Modern IDSs are usually a combination of these two approaches [9]. Another important distinction is between systems that identify patterns of traffic or application data presumed to be malicious (misuse detection systems) and systems that compare activities against a "normal" baseline (anomaly detection systems).

II. LITERATURE SURVEY

2.1 Intrusion Detection System

An IDS is a combination of software and hardware used for detecting intrusions [2]. An intrusion may be defined as an unauthorized attempt to gain access to a secured system or network. Intrusion detection is the course of action taken to detect suspicious activity on a network or a device. An IDS is an important detection tool used as a countermeasure to preserve data integrity and system availability against attacks. The IDS has become a well-known means of detecting intrusions adequately. An IDS may be hardware, software or a combination of both that monitors network traffic in search of intrusions. Fig. 1 shows the standard IDS.
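The Introduction's distinction between misuse detection and anomaly detection, shown as an added example that is not code from the paper: one fixed signature and one learned baseline are applied to the same records, and the unseen pattern is missed by the signature but flagged by the baseline. The field names are KDD99 features; the sample records, the signature thresholds and the z-score limit are constructed assumptions.

```python
from statistics import mean, pstdev

NUMERIC = ("src_bytes", "count", "serror_rate")  # KDD99 feature names

# Constructed records (not rows from KDD99), assumed to be normal traffic.
BASELINE = [
    {"flag": "SF", "src_bytes": 215, "count": 4, "serror_rate": 0.0},
    {"flag": "SF", "src_bytes": 181, "count": 8, "serror_rate": 0.0},
    {"flag": "SF", "src_bytes": 239, "count": 6, "serror_rate": 0.0},
    {"flag": "SF", "src_bytes": 302, "count": 5, "serror_rate": 0.1},
    {"flag": "SF", "src_bytes": 258, "count": 7, "serror_rate": 0.0},
]
# Constructed test records: a known flood pattern, an unseen pattern, normal.
FLOOD = {"flag": "S0", "src_bytes": 0, "count": 250, "serror_rate": 1.0}
NOVEL = {"flag": "SF", "src_bytes": 54540, "count": 5, "serror_rate": 0.0}
NORMAL = {"flag": "SF", "src_bytes": 230, "count": 6, "serror_rate": 0.0}


def misuse_match(rec):
    """Misuse detection: hypothetical signature for many half-open connections."""
    return rec["flag"] == "S0" and rec["count"] > 100 and rec["serror_rate"] > 0.9


def learn_baseline(records):
    """Anomaly detection, step 1: per-feature (mean, std) of normal traffic."""
    stats = {}
    for f in NUMERIC:
        values = [r[f] for r in records]
        # Floor the deviation so a constant feature cannot divide by zero.
        stats[f] = (mean(values), max(pstdev(values), 1e-6))
    return stats


def anomaly_features(rec, baseline, z_max=3.0):
    """Step 2: features lying more than z_max deviations from the baseline."""
    return [f for f, (mu, sd) in baseline.items() if abs(rec[f] - mu) / sd > z_max]


def classify(rec, baseline):
    return {"misuse": misuse_match(rec), "anomalous": anomaly_features(rec, baseline)}


if __name__ == "__main__":
    base = learn_baseline(BASELINE)
    for name, rec in (("flood", FLOOD), ("novel", NOVEL), ("normal", NORMAL)):
        print(name, classify(rec, base))
```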