Intrusion Detection Systems (IDS) are used in computer networks to safeguard the integrity and confidentiality of sensitive data. In recent years, network traffic has become sizeable enough to be considered under the big data domain. Current machine learning based techniques used in IDS are largely defined on eager learning paradigms which lose performance efficiency by trying to generalize training data before receiving queries thereby incurring overheads for trivial computations. This paper, proposes the use of lazy learning methodologies to improve overall performance of IDS. A novel heuristic weight based indexing technique has been used to overcome the drawback of high search complexity inherent in lazy learning. IBk and LWL, two popular lazy learning algorithms have been compared and applied on the NSL-KDD dataset for simulating a real-world like scenario and comparing their relative performances with hw-IBk. The results of this paper clearly indicate lazy algorithms as a viable solution for real-world network intrusion detection.

Introduction

The predominant strategy for observing systems for vindictive movement or information infringement is the utilization of Intrusion Detection System (IDS). Any identified approach of infringement is ordinarily revealed either to an overseer or accumulated midway utilizing a Security Information and Event Management (SIEM) framework. A SIEM framework system-cluster comes about because of numerous sources and makes utilization of preventive sifting procedures to decide the validity of identified assault.Network Intrusion Detection Systems (NIDS) are strategically positioned and demonstrate the framework screen motion between all nodes on the framework. It supervises the actions on the entire network and unusual subnet activities are corresponded to a library of assaults that are already known.Once an assault is recognized, or irregular conduct is detected, the caution can be sent to the administrator. A case of an NIDS would introduce it on the subnet where firewalls are situated, so as to check whether somebody is attempting to break into the firewall. In a perfect world, one would check all inbound and outbound activity; however, doing as such, may make a bottleneck that would weaken the general speed of the system. OPNET and NetSim are regularly utilized instruments for reproducingnetwork intrusion discovery frameworks. NID Systems are additionally equipped for contrasting marks for comparative bundles with connection and drop unsafe distinguished parcels which have a mark coordinating the records in the NIDS.NIDS can be characterizedinto two subgroups based on the intuitiveness of the framework, namely, disconnected and online NIDS. Disconnected NIDS detect assaults by passing the information through a set ofprocedures[6]. In the case of Online NIDS, Ethernet bundles are scrutinized and tenets are applied to detect assaults.