An intrusion detection system (IDS) is a software application that monitors a network or systems for malicious activity or policy violations. A host-based intrusion detection system (HIDS) is an intrusion detection system that can monitor and analyze the internals of a computing system as well as the network packets on its network interfaces. A HIDS analyzes the traffic to and from the specific computer on which the intrusion detection software is installed. A host-based system can also monitor key system files and any attempt to overwrite them.
Over the years, mankind has made great progress with technology. Today the internet is a source of almost everything: entertainment, work, classes, communication and the list goes on. This comes with consequences, because our data can be compromised in the process. The problem is how secure our data is and how it is being used. Traditional security systems can no longer detect intrusions because intrusion behavior has become complex. Data mining is the process of finding the important data in a large dataset, which can then be used with machine learning techniques to build an efficient model. In this project we use the NSL KDD dataset. We apply various classifiers to the NSL KDD dataset and compare them, and the classifier with the greatest accuracy is considered the best.
Various drawbacks of KDD CUP 99, which were the main cause of decreased performance in various IDSs, led to the creation of the NSL KDD dataset. NSL KDD is the refined version, also called the successor, of the KDD CUP dataset. It contains all the needed attributes from the KDD CUP dataset. It is open-source data and can be downloaded easily. The advantages of this dataset are that redundant records are removed and that a sufficient number of records is present in the train and test data. It consists of 41 attributes, which are classified as Nominal, Binary and Numeric.
One more attribute, the class, is added as the 42nd attribute. There are two classes, Normal and Anomaly. The Anomaly class can be further divided into DOS, PROBE, R2L and U2R. For the experiment only two classes are considered: Normal and Anomaly.
To compare and analyze the accuracy of different algorithms for intrusion detection.
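The record layout and the accuracy comparison described above, as an added example that is not the project's own code. It parses a record of 41 attributes plus class, collapses the label to Normal/Anomaly, and scores two classifiers. The sample rows are constructed, the attack-to-category table is a subset, and `majority` and `flag_rule` are hypothetical stand-ins for the project's classifiers, which the page does not name.

```python
from collections import Counter

# Attack label -> category (a subset of the NSL-KDD labels).
ATTACK_CATEGORY = {"neptune": "DOS", "portsweep": "PROBE", "ipsweep": "PROBE",
                   "guess_passwd": "R2L", "buffer_overflow": "U2R", "rootkit": "U2R"}
NOMINAL = {1, 2, 3}  # protocol_type, service, flag are kept as strings

def parse_record(line):
    """Return (features, category, two_class_label) for one CSV record."""
    fields = line.strip().split(",")
    if len(fields) == 43:  # the KDDTrain+/KDDTest+ .txt files append a difficulty score
        fields = fields[:42]
    if len(fields) != 42:
        raise ValueError(f"expected 41 attributes + class, got {len(fields)} fields")
    label = fields[41].lower()
    category = "NORMAL" if label == "normal" else ATTACK_CATEGORY.get(label, "UNKNOWN")
    two_class = "Normal" if label == "normal" else "Anomaly"
    features = [v if i in NOMINAL else float(v) for i, v in enumerate(fields[:41])]
    return features, category, two_class

def make_row(proto, service, flag, src_bytes, label):  # constructed record, rest is 0
    f = ["0"] * 41
    f[1], f[2], f[3], f[4] = proto, service, flag, str(src_bytes)
    return ",".join(f + [label])

def load(rows):  # constructed rows -> (features, two_class_label) pairs
    return [(x, y) for x, _, y in (parse_record(make_row(*r)) for r in rows)]

def majority(train):  # baseline: always predict the most frequent training class
    top = Counter(y for _, y in train).most_common(1)[0][0]
    return lambda x: top

def flag_rule(train):  # toy stand-in: a flag seen only on Normal rows predicts Normal
    normal = {x[3] for x, y in train if y == "Normal"}
    anomaly = {x[3] for x, y in train if y == "Anomaly"}
    return lambda x: "Normal" if x[3] in normal - anomaly else "Anomaly"

def compare(trainers, train, test):
    """Accuracy of each classifier on the test rows, and the name of the best."""
    fitted = {name: fit(train) for name, fit in trainers.items()}
    scores = {n: sum(p(x) == y for x, y in test) / len(test) for n, p in fitted.items()}
    return scores, max(scores, key=scores.get)

TRAIN = load([("tcp", "http", "SF", 215, "normal"), ("udp", "domain_u", "SF", 44, "normal"),
              ("tcp", "private", "S0", 0, "neptune")])
TEST = load([("tcp", "http", "SF", 300, "normal"), ("tcp", "private", "S0", 0, "neptune"),
             ("tcp", "telnet", "RSTO", 126, "guess_passwd"),
             ("tcp", "ftp_data", "SF", 0, "buffer_overflow")])
SCORES, BEST = compare({"majority": majority, "flag_rule": flag_rule}, TRAIN, TEST)
```

The constructed U2R row carries the same `SF` flag as normal traffic, so `flag_rule` misses it. A label outside the table parses as `UNKNOWN` but still counts as Anomaly in the two-class setup.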