A Comparative Study of Classification Techniques for Intrusion Detection

Intrusion detection is one of the major research problems in network security. It is the process of monitoring and analyzing network traffic data to detect security violations. A mining approach can play a very important role in developing an intrusion detection system. Network traffic can be classified as normal or anomalous in order to detect intrusions. In our paper, the top ten classification algorithms, namely J48, BayesNet, Logistic, SGD, IBK, JRip, PART, Random Forest, Random Tree and REPTree, were selected after experimenting with more than twenty of the most widely used classification algorithms. This paper compares these ten algorithms on their performance metrics to find the most suitable algorithm available. The performance of the classification models is measured using 10-fold cross-validation. Experiments and assessments of these methods are performed in the WEKA environment using the NSL-KDD dataset.
