EVALUATING MACHINE LEARNING ALGORITHMS FOR DETECTING NETWORK INTRUSIONS

With recent advances in network-based technology and the increasing dependence of everyday life on this technology, assuring reliable operation of network-based systems is very important. Signature-based intrusion detection systems, the most widely used and developed kind, cannot detect new attacks. Current anomaly-based intrusion detection systems are also unable to detect all kinds of new attacks because they are designed for restricted applications in limited environments. Increasing the detection rate and reducing the false positive rate are important problems in network intrusion detection systems (NIDS). In this paper, we propose machine learning algorithms such as Random Forest and AdaBoost, along with Naive Bayes, to build an efficient intrusion detection model. We also report our experimental results over KDDCup'1999 datasets. The results show that the choice of any data mining algorithm is a compromise among the time taken to build the model, detection rate and low false alarm rate.
