Towards data fusion-based big data analytics for intrusion detection

Intrusion detection is seen as the most promising way for computer security. It is used to protect computer networks against different types of attacks. The major problem in the literature is the classification of data into two main classes: normal and intrusion. To solve this problem, several approaches have been proposed but the problem of false alarms is still present. To provide a solution to this problem, we have proposed a new intrusion detection approach based on data fusion. The main objective of this work is to suggest an approach of data fusion-based Big Data analytics to detect intrusions; It is to build one dataset which combines various datasets and contains all the attack types. This research consists in merging the heterogeneous datasets and removing redundancy information using Big Data analytics tools: Hadoop/MapReduce and Neo4j. In the next step, machine learning algorithms are implemented for learning. The first algorithm, called SSDM (Semantically Similar Data Miner), uses fuzzy logic to generate association rules between the different item sets. The second algorithm, called K2, is a score-based greedy search algorithm for learning Bayesian networks from data. Experimentation results prove that - in both cases - data fusion contributes to having very good results.