Problem Domain
Many current intrusion detection systems (IDSs) are signature-based. A signature-based IDS
(SIDS), also known as a misuse detection system, looks for a specific signature to match,
signaling an intrusion. Such systems are provided with the signatures or patterns, but they are of
little use against as yet unknown attack methods: an IDS using misuse detection will only detect
known attacks. The rate of false positives is small to nil, but these systems are poor at
detecting new attacks, variations of known attacks, or attacks that can be masked as normal
behavior.
As network attacks have increased in number and severity over the past few years, the
intrusion detection system (IDS) is becoming a critical component in securing the network.
Because of the large volumes of security audit data and the complex, dynamic properties of
intrusion behaviors, optimizing IDS performance has become an important open problem that is
receiving more and more attention from the research community. Uncertainty over whether
certain algorithms perform better for certain attack classes constitutes the motivation for the
work reported herein.
Objectives:
The objective is to classify the information of a flow, available in the form of 42 attributes
(i.e. network-based IDS), as normal or attack.
The classification task requires a lot of computation in model generation because of the large
data size. The accuracy will be improved.
The error rate will also be reduced.
3. SOLUTION DOMAIN:
In decision tree classifiers, attribute selection works as follows: first the information gain
of each attribute is computed, then the attribute with the maximum information gain is chosen.
This means that an attribute with the maximum number of values is chosen for splitting the tree.
But in most cases, the attribute with the maximum number of values is not necessarily the
best. The ID3 algorithm also uses information gain to select an attribute. Information gain is
based on the concept of probability. A probability-based method is suitable for stochastic
problems, but it cannot be the common criterion for attribute selection.
To solve this problem, we propose a more accurate decision-tree-based classifier. Our
proposed solution will use a new attribute selection criterion. It will give more weight to
attributes with fewer values but more importance, and it will reduce the weight of attributes
with more values and less importance.
ATTRIBUTE SELECTION: Our proposed methodology uses a modified gain-based greedy
approach to select the best attribute, which is used to partition the training data set into
smaller partitions. Like ID3, our proposed algorithm chooses the attribute with the highest
information gain, but we have modified the formula for information gain: the modified
formula contains a utility value for each attribute. This improves the selection criterion, which
will ultimately result in more accurate classification and prediction.
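The selection behaviour described in this section, as an added example in Python (not the project's own code): plain ID3 information gain over a few constructed flow records, next to a utility-weighted score. The flows, the `UTILITY` values and the `utility * gain` form are assumptions made for illustration; the page does not give its modified formula.

```python
import math
from collections import Counter, defaultdict

# Constructed sample flows (not from the page). src_bytes is unique per flow,
# so it is the attribute with the most distinct values.
COLUMNS = ("protocol_type", "flag", "src_bytes", "label")
FLOWS = [dict(zip(COLUMNS, row)) for row in [
    ("tcp",  "SF",  181, "normal"),
    ("tcp",  "SF",  239, "normal"),
    ("udp",  "SF",  105, "normal"),
    ("tcp",  "SF",  235, "normal"),
    ("tcp",  "S0",    0, "attack"),
    ("tcp",  "S0",    6, "attack"),
    ("icmp", "SF",  520, "attack"),
    ("tcp",  "REJ",  12, "attack"),
]]
ATTRIBUTES = [c for c in COLUMNS if c != "label"]

def entropy(rows):
    """Shannon entropy (bits) of the class label over the given rows."""
    counts = Counter(r["label"] for r in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def info_gain(rows, attr):
    """ID3 information gain: entropy before the split minus weighted entropy after."""
    parts = defaultdict(list)
    for r in rows:
        parts[r[attr]].append(r)
    remainder = sum(len(p) / len(rows) * entropy(p) for p in parts.values())
    return entropy(rows) - remainder

# Hypothetical utilities in [0, 1], assigned by an analyst: low for a
# many-valued attribute that will not generalise, high for a meaningful one.
UTILITY = {"protocol_type": 0.6, "flag": 0.9, "src_bytes": 0.3}

def weighted_gain(rows, attr):
    """Assumed form of a utility-weighted gain: utility(attr) * gain(attr)."""
    return UTILITY[attr] * info_gain(rows, attr)

def best_attribute(rows, score):
    """Greedy choice: the attribute with the highest score."""
    return max(ATTRIBUTES, key=lambda a: score(rows, a))

if __name__ == "__main__":
    for a in ATTRIBUTES:
        print(f"{a:14} gain={info_gain(FLOWS, a):.3f} "
              f"weighted={weighted_gain(FLOWS, a):.3f}")
    print("ID3 picks:     ", best_attribute(FLOWS, info_gain))
    print("weighted picks:", best_attribute(FLOWS, weighted_gain))
```

Plain gain selects `src_bytes` because every single-record partition is pure, which yields a tree that memorises the training flows; the weighted score selects `flag` instead.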
4. SYSTEM DOMAIN:
SYSTEM REQUIREMENTS:
Hardware Requirement:
SOFTWARE REQUIREMENTS:
With most programming languages, you either compile or interpret a program so that you can
run it on your computer. The Java programming language is unusual in that a program is both
compiled and interpreted. With the compiler, first you translate a program into an intermediate
language called Java byte codes, the platform-independent codes interpreted by the interpreter
on the Java platform. The interpreter parses and runs each Java byte code instruction on the
computer. Compilation happens just once; interpretation occurs each time the program is
executed.
4. APPLICATION DOMAIN
An intrusion detection system is an important technology in the business sector as well as an
active area of research. It is a very important tool for information security. A network intrusion
detection system is used to monitor networks for attacks or intrusions and to report them to the
administrator so that evasive action can be taken. Today most computers are part of networked
and distributed systems that may span multiple buildings, sometimes located thousands of miles
apart. The network of such a system is a pathway for communication between the computers in
the distributed system; it is also a pathway for intrusion. The intrusion detection system is
designed to detect and combat some common attacks on network systems. It works as an alert
device in the event of attacks directed towards an entire network.
5. EXPECTED OUTCOME:
Error rate