An AODE-based intrusion detection system for computer networks

Detecting anomalous traffic on the Internet has remained an issue of concern for the community of security researchers over the years. Advances in computing performance, in terms of processing power and storage, have allowed the use of resource-intensive intelligent algorithms to detect intrusive activities in a timely manner. Naïve Bayes is a statistical inference learning algorithm with promise for document classification, spam detection and intrusion detection. The attribute independence issue associated with Naïve Bayes has been resolved through the development of the Average One Dependence Estimator (AODE) algorithm. In this paper, we propose the application of AODE for intrusion detection. The performance of the proposed scheme is studied and analyzed on the KDD-99 intrusion benchmark data set. With a detection rate of 99.7%, AODE outperformed Naïve Bayes, which reported a detection rate of 97.3% and a larger number of false positives.
