how intrusion can be detected by applying frequent data mining technique.

shruti

how to create  intrusion detection system  by applying frequent item set mining using rapid miner. which process to follow.

MariusHelf

Hi, there are many different ways of implementing an intrusion detection system, and which way to follow heavily depends on the system you have, the data, etc. This is a complex field which cannot be answered with simple instructions. Anyway, to give you any hints to point you into the right direction, we need more info about your setting. You can get some hints on how to create good question in the post linked in my signature.

Best,
Marius

shruti

hi,
i have my network  data contains attributes
src-ip, dstn-ip, protocol, sync, ack, sync+ack, time


now i have to find the intrusion on the basis of :
if for the same src ip and dest ip, these  three fields(ack, syn, ack+syn) have  received Boolean value true in three rows  then it's ok otherwise  if there are only ack and syn value true and there is no corrsponding value for ack+syn(i.e. false)  intrusion will be detected.
data is captured using wireshark in .pcap format. how to convert pcap file to csv format.

regards

MariusHelf

Hi,

I don't know the pcap format, can you post a short example?

Anyway, you will end up in a tabular data format in RapidMiner. To propose further steps, we would need the format of this data, too. Maybe you can post a short sample.

Best,
Marius