Resource-sensitive intrusion detection models for network traffic

Network security has become an important issue in today's extensively interconnected computer world. Industry, academic institutions, small and large businesses and even private residences have never been at greater risk from the increasing onslaught of computer attacks than they are now. Such malicious efforts cause damage ranging from violations of confidentiality and privacy to actual financial losses when business operations are compromised. Intrusion detection systems (IDS) have been used, along with data mining and machine learning efforts, to detect intruders. However, given the limits of organizational resources, it is unreasonable to inspect every network alarm raised by the IDS. Towards resource- and cost-sensitive IDS models, we investigate the Modified Expected Cost of Misclassification as a model selection measure for building a goal-oriented intrusion detection classifier. The case study presented is that of the DARPA 1998 offline intrusion detection project. The empirical results show promise for building a resource-based intrusion detection model.
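The cost-sensitive model selection the abstract describes, as an added illustration (not code from the paper): three constructed IDS classifiers are scored by a normalized expected cost of misclassification (false alarms plus cost-weighted missed attacks, per connection; this is the standard prior-weighted ECM form and an assumption, since the paper's exact MECM definition is not reproduced on this page) together with an analyst alarm budget, which is why the accuracy-best model is not the one a resource-sensitive IDS would choose.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Confusion:
    """Per-model counts on a held-out set of network connections (constructed)."""
    name: str
    tp: int  # attacks correctly alarmed
    fn: int  # attacks missed (Type II error)
    fp: int  # normal connections alarmed (Type I error)
    tn: int  # normal connections passed

    @property
    def total(self) -> int:
        return self.tp + self.fn + self.fp + self.tn

    @property
    def alarms(self) -> int:
        # every alarm consumes analyst time, whether or not it is a real attack
        return self.tp + self.fp


def accuracy(cm: Confusion) -> float:
    return (cm.tp + cm.tn) / cm.total


def normalized_expected_cost(cm: Confusion, cost_ratio: float) -> float:
    """Expected misclassification cost per connection, in units of one false alarm.

    Equals pi_normal * P(Type I) + cost_ratio * pi_attack * P(Type II), i.e. the
    prior-weighted error rates scaled by the cost of each error type (assumed
    normalized ECM form, not necessarily the paper's exact MECM).
    """
    return (cm.fp + cost_ratio * cm.fn) / cm.total


def select_model(models, cost_ratio, alarm_budget=None):
    """Pick the lowest-cost model whose alarm volume the analysts can actually handle."""
    feasible = [m for m in models if alarm_budget is None or m.alarms <= alarm_budget]
    if not feasible:
        return None
    return min(feasible, key=lambda m: normalized_expected_cost(m, cost_ratio)).name


# Constructed evaluation set: 10 000 connections, 200 of them attacks (2% prior).
MODELS = [
    Confusion("A", tp=190, fn=10, fp=800, tn=9000),  # catches most attacks, noisy
    Confusion("B", tp=120, fn=80, fp=50, tn=9750),   # highest accuracy, misses many
    Confusion("C", tp=170, fn=30, fp=200, tn=9600),  # middle ground
]

if __name__ == "__main__":
    print("accuracy-best:", max(MODELS, key=accuracy).name)            # B
    print("cost-best (missed attack = 20 false alarms):", select_model(MODELS, 20))  # C
    print("cost-best under a 300-alarm budget:", select_model(MODELS, 20, 300))     # B
```

With a cost ratio of 1 the measure reduces to the error rate and agrees with accuracy; the disagreement appears only once missed attacks are weighted more heavily than false alarms.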
