Abstract
This paper presents a data mining algorithm , namely Clustering and Classification Algorithm - Supervised (CCA-S), which we developed for detecting intrusions into computer network systems for intrusion detection. CCA-S is used to learn signature patterns of both normal and intrusive activities in the training data, and to classify the activities in the testing data as normal or intrusive based on the learned signature patterns of normal and intrusive activities. CCA-S differs from many existing data mining techniques in its ability in scalable, incremental learning. We tested CCA-S and two popular decision tree algorithms, and obtained their performance for an intrusion detection problem. CCA-S produced better intrusion detection performance than these popular decision tree algorithms.
Keywords
computer security, intrusion detection, signature recognition, data mining