Abstract

Network security is becoming increasingly important in today’s internet-worked systems. With development of internet, its use on public networks, number and severity of security threats has increased significantly. Intrusion Detection System can provide a layer of security to these systems. Intrusion Detection can be defined as the act of detecting actions that attempt to compromise confidentiality, integrity or availability of a resource”. More specifically, goal of intrusion detection system is to identify entities who attempt to subvert in-place security controls. At present, two fundamental problems, quantity and quality of outputs i.e. false alarms or alerts of IDS, have not been solved well.  The pattern of attack changes frequently. Thus IDS should upgrade accordingly. The changes in patterns are mainly manifestations of attack. Pattern based IDS provides very low false alarms as compare to heuristic/anomaly based IDS. In real world it is very difficult to have large labeled data for training. Supervised approach can't be used in this case. So in this work we propose a semi-supervised approach for pattern based IDS. Our approach uses supervised algorithm as a black box and then filters unlabelled data with predicted label for training system. The experimentation is performed on KDD CUP99 dataset and NSL KDD data which is revised KDD CUP 99 data.