Identification of New Connections for IP Intrusion Detections using WEKA Platform and KDD

Intrusion detection is an essential mechanism to protect computer systems from many attacks. Clustering is the most acceptable technique to regroup the raw data into clusters but it cannot identify them. In this paper, we present a technique for the identification of unknown TCP connections using K-mean WEKA-based. Specifically, we built mixture models using KDD cup 99 and our traffic traces cancroids approach to find component behavior patterns (forensics). In this paper, we presented a six-step method for identifying the organization connections into a normal class or one of the major attack categories i.e. DoS, Probe, R2L, U2R. The validation of the semi-supervised algorithm was conducted for testing the accuracy of our methodology. The evaluation process yields outstanding results. Only the attack U2R has 80% of output similarity, but other categories have 100% of output similarities. Finally, we generated recommendations and some avenues for future research.