Intrusion detection by initial classification-based on protocol type.

Increased use of computer networks, internet and online transactions pose higher risk of intrusions and protecting the information from the hackers/intruders is a new area in computers and network security. The major factors which affect intrusion detection are the system's detection rate and time required to detect intrusions. Many researchers have focused in this area and have used data mining techniques for detecting the intrusions. This paper proposes to classify the dataset initially based on 'protocol type' feature and the performance improvements over traditional way of considering the full data without initial classification. This paper does not advocate any techniques or algorithms, but establishes the fact that by splitting the dataset on Protocol Type feature enhances performance with respect to detection rate and time to build model for intrusion detection. In this study, the well-known KDD Cup 99 intrusion dataset has been tested with the proposed approach. The computational study reveals that the initial classification based on protocol type' attribute increases the performance with respect to rate of detection and time to build model.