A General Study of Association Rule Mining in Intrusion Detection Systems
Intrusion Detection Systems (IDSs) can easily create thousands of alerts per day, up to 99% of which are false positives (i.e., alerts that are triggered incorrectly by benign events). This makes it extremely hard to analyze and react to attacks. Data mining generally refers to the process of extracting models from large stores of data. The intrusion detection system first applies data mining programs to audit data to compute frequent patterns and extract features, and then uses classification algorithms to compute detection models. The most important step of this process is to determine relations between fields in the database records in order to construct features. Standard association rules do not have enough expressiveness for this purpose.
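As an added illustration (not code from the paper), the following Python mines frequent field=value patterns and association rules from a handful of constructed connection records, the kind of audit data the abstract describes; the record fields, their values and the support and confidence thresholds are assumptions chosen for the example.

```python
from itertools import combinations
from collections import Counter
# Constructed sample audit records (not from the paper): each connection
# record has a few discrete fields, like tcpdump-derived connection summaries.
AUDIT_RECORDS = [
    {"service": "http", "flag": "SF", "dst_host": "A", "label": "normal"},
    {"service": "http", "flag": "SF", "dst_host": "B", "label": "normal"},
    {"service": "http", "flag": "SF", "dst_host": "A", "label": "normal"},
    {"service": "ftp", "flag": "SF", "dst_host": "C", "label": "normal"},
    {"service": "http", "flag": "S0", "dst_host": "A", "label": "probe"},
    {"service": "http", "flag": "S0", "dst_host": "A", "label": "probe"},
    {"service": "smtp", "flag": "S0", "dst_host": "A", "label": "probe"},
    {"service": "http", "flag": "REJ", "dst_host": "D", "label": "probe"},
]

def frequent_itemsets(records, min_support):
    """Apriori-style mining of field=value sets whose support (fraction of records containing them) >= min_support."""
    baskets = [frozenset(f"{k}={v}" for k, v in r.items()) for r in records]
    n, support = len(baskets), {}
    current = {frozenset([i]) for b in baskets for i in b}  # size-1 candidates
    k = 1
    while current:
        counts = Counter()
        for b in baskets:
            for c in current:
                if c <= b:
                    counts[c] += 1
        frequent = {c: cnt / n for c, cnt in counts.items() if cnt / n >= min_support}
        support.update(frequent)
        # Join step: two frequent k-sets sharing k-1 items form a (k+1)-candidate;
        # candidates with an infrequent subset are dropped by the count above.
        current = {a | b for a, b in combinations(frequent, 2) if len(a | b) == k + 1}
        k += 1
    return support

def association_rules(support, min_confidence):
    """Derive rules lhs -> rhs with confidence = supp(lhs u rhs) / supp(lhs); returns (lhs, rhs, support, confidence)."""
    rules = []
    for itemset, sup in support.items():
        for r in range(1, len(itemset)):
            for lhs in map(frozenset, combinations(itemset, r)):
                conf = sup / support[lhs]  # every subset of a frequent set is frequent
                if conf >= min_confidence:
                    rules.append((lhs, itemset - lhs, sup, conf))
    return rules

if __name__ == "__main__":
    sup = frequent_itemsets(AUDIT_RECORDS, min_support=0.25)
    for lhs, rhs, s, c in sorted(association_rules(sup, 0.8), key=lambda x: -x[3]):
        print(f"{set(lhs)} -> {set(rhs)}  support={s:.3f} confidence={c:.2f}")
```

Rules such as flag=S0 -> label=probe (confidence 1.0 on this sample) are the field relations the abstract refers to; each can be turned into a feature, e.g. a count of recent connections matching the rule's left-hand side.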