Apriori Form: We are using the Apriori algorithm.

Select Input Button: Click this button to open the Select Apriori Input form. On this form, check the parameters, then press the forward arrow button. Click the folder icon; it opens the input files folder. From that folder, select the kddcupnewtestdata.csv file, then click the Extract icon. When asked how many records to extract, enter the number of records you want, e.g. 10, 20, 30. Then give the output file a name, e.g. Abcd.

Rule Generation Button: Click the open folder icon and choose the file we created, i.e. Abcd. When asked for the number of attributes, enter 4. Then click; first it asks for the minimum support: enter 2. Click Finish.

Confidence Button: Click the button. It shows a new form. Click the open folder icon and select the L3.csv file. Click Finish, then close the form.
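The rule generation and confidence steps above, shown as an added example (not the tool's own code): Apriori over constructed KDD-style records with 4 attributes and a minimum support of 2, followed by the confidence of each rule that predicts a label. The column names, the sample records and the reading of L3 as the frequent 3-itemsets are assumptions made for illustration.

```python
from itertools import combinations

# Constructed KDD-style records (not from the tool's files); 4 attributes each.
COLUMNS = ("protocol", "service", "flag", "label")
RECORDS = (
    [("tcp", "telnet", "SF", "buffer_overflow")] * 2
    + [("tcp", "http", "SF", "normal")] * 2
    + [("udp", "domain_u", "SF", "normal"), ("tcp", "ftp_data", "SF", "buffer_overflow")]
)
# Tag each value with its column so equal strings in different columns differ.
TX = [frozenset(zip(COLUMNS, r)) for r in RECORDS]

def support(itemset, transactions):
    return sum(1 for t in transactions if itemset <= t)

def frequent(candidates, transactions, min_support):
    counts = {c: support(c, transactions) for c in candidates}
    return {c: n for c, n in counts.items() if n >= min_support}

def apriori(transactions, min_support):
    """Return {k: {itemset: count}} for each non-empty level Lk."""
    singles = {frozenset([i]) for t in transactions for i in t}
    current, levels, k = frequent(singles, transactions, min_support), {}, 1
    while current:
        levels[k] = current
        k += 1
        # Join: unions of two frequent (k-1)-itemsets that have exactly k items.
        joined = {a | b for a in current for b in current if len(a | b) == k}
        # Prune: keep a candidate only if all its (k-1)-subsets are frequent.
        pruned = {c for c in joined
                  if all(frozenset(s) in current for s in combinations(c, k - 1))}
        current = frequent(pruned, transactions, min_support)
    return levels

def label_rules(level, transactions):
    """Confidence of (other attributes -> label) for itemsets holding a label."""
    rules = {}
    for itemset, count in level.items():
        label = {i for i in itemset if i[0] == "label"}
        if label:
            lhs = itemset - label
            key = (tuple(sorted(lhs)), next(iter(label))[1])
            rules[key] = count / support(lhs, transactions)
    return rules

LEVELS = apriori(TX, min_support=2)   # minimum support 2, as in the manual
RULES = label_rules(LEVELS[3], TX)    # assumption: L3 = frequent 3-itemsets
if __name__ == "__main__":
    for (lhs, label), conf in sorted(RULES.items()):
        print(dict(lhs), "->", label, f"confidence={conf:.2f}")
```

On this sample the rule (flag=SF, protocol=tcp) -> buffer_overflow has confidence 0.60, while (protocol=tcp, service=telnet) -> buffer_overflow has confidence 1.00, which is why the confidence step matters after support-based pruning.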

PREPROCESS DATA:

Preprocess All button: The steps are the same as for the Select Input Button on the Apriori form.

Preprocess Selected button: The steps are the same as for the Select Input Button on the Apriori form. The only difference is that here we give a range of row numbers.

Separate Attack files: This step creates attack files in the trained attack files folder. For example, if we are working on buffer overflow, first check whether a file of this name already exists in the trained attack files folder. If it exists, delete this file and the duplicate file as well, that is, both buffer overflow and buffer overflowDup. Now click the Separate Attack Files button and select buffer overflow from the drop-down.

After selecting, click the open folder icon, select kddcup labeled.txt, then click the Extract icon. Close the form.

Remove Duplicates Button: Click the button, then click the open folder icon and select the file created in the trained attack files folder during the Separate Attack Files step, i.e. the buffer overflow file we created. Now click Remove Duplicates. Close the form.

Manual Rule Generation: Enter any source IP, e.g. 192.168.10.1. Enter any destination IP, e.g. 172.168.10.1. Enter the source port and the destination port.

Click Finish.

Anamoly Detection (change this name to Attack Detection): Check Complete Packet: Click open file, select the test data.txt file, and click Check. Now open the last tab, Analyze, and click View File. Select the anomalydata file and open it. It shows the result; scroll down to see it.

Check Live Traffic button: Click the open folder icon; it opens the capture files folder. Select any one of the existing files in that folder.

Analyze tab:

Calculate Attack Percentage button: Click open folder and select the anamolydata file, then click the Calculate Percentage button. It asks for a file name; give the file a name.

View File button: Select the created file from the attack percentage folder. Now click Visualize Data.

Visualize Data button: Enter a numeric value, say 20, in the blank field shown on the screen. An alert is generated and a graph is created only if the attack percentage is greater than the entered value, i.e. 20 in this case. After entering the value in that text box, go to the File menu and select Show Graph. It asks you to select a file; select the created file in the attack percentage folder. It shows the graph.

To see how the percentage is calculated, please check the code.
