One-Dependence Estimators for Accurate Detection of Anomalous Network Traffic

Classification of Internet traffic as anomalous has remained an issue of concern for the network security research community in recent times. Advances in computing performance, in terms of processing power and storage, have allowed the use of resource-intensive intelligent algorithms to detect intrusive activities in a timely manner. Naïve Bayes is a statistical inference learning algorithm with promise for document classification, spam detection and intrusion detection. The attribute independence issue associated with Naïve Bayes has been resolved through the development of one-dependence estimation algorithms such as Super-Parent One Dependence Estimators (SPODE) and Average One Dependence Estimator (AODE). In this paper, we propose the design of an intrusion detection system based on the classification capabilities of SPODE and AODE for accurate detection of anomalous network traffic. The performance of the proposed scheme is studied and analyzed on the KDD-99 intrusion benchmark data set, with the two algorithms achieving significantly high detection rates as opposed to the results obtained through Naïve Bayes simulation.
