Adaptive Network Intrusion Detection Learning: Attribute Selection and Classification

This paper presents a new learning approach for network intrusion detection that combines a naïve Bayesian classifier with the ID3 algorithm: it identifies the effective attributes in the training dataset, calculates the conditional probabilities for the values of the selected attributes, and then classifies the examples of both the training and testing datasets. Most current intrusion detection datasets are dynamic, complex and contain a large number of attributes, some of which are redundant or contribute little to the detection decision. Selecting the significant attributes has been shown to be important when designing a real-world intrusion detection system (IDS). The purpose of this study is to identify the effective attributes in the training dataset and use them to build a classifier for network intrusion detection with data mining algorithms. Experimental results on the KDD99 benchmark intrusion detection dataset show that the new approach achieves high classification rates and reduces false positives while using limited computational resources.
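The two steps the abstract describes, ranking attributes by the ID3 split criterion (information gain) and then training a naïve Bayesian classifier only on the retained attributes, can be shown end to end on a handful of records. The block below is an added illustration written for this page; it is not the authors' implementation and makes no claim about their exact selection threshold or smoothing. The records are constructed in the style of KDD99 categorical fields (they are not real KDD99 rows), the `land` column is deliberately constant so that the selection step has something to discard, and the `min_gain` threshold and Laplace smoothing are assumptions of this example.

```python
"""Attribute selection by information gain (the ID3 split criterion), then a
naive Bayesian classifier trained only on the retained attributes.

Added example for this page, not the paper's code.  TRAIN and TEST are
constructed toy records in the style of KDD'99 categorical fields; they are
not real KDD'99 data.  'land' is a constant, information-free attribute that
the selection step should drop."""
from collections import Counter, defaultdict
from math import log2

LABEL = "label"

TRAIN = [
    {"protocol": "tcp",  "service": "http",     "flag": "SF",  "land": "0", LABEL: "normal"},
    {"protocol": "tcp",  "service": "http",     "flag": "SF",  "land": "0", LABEL: "normal"},
    {"protocol": "udp",  "service": "domain_u", "flag": "SF",  "land": "0", LABEL: "normal"},
    {"protocol": "tcp",  "service": "smtp",     "flag": "SF",  "land": "0", LABEL: "normal"},
    {"protocol": "tcp",  "service": "private",  "flag": "S0",  "land": "0", LABEL: "attack"},
    {"protocol": "tcp",  "service": "private",  "flag": "S0",  "land": "0", LABEL: "attack"},
    {"protocol": "tcp",  "service": "private",  "flag": "REJ", "land": "0", LABEL: "attack"},
    {"protocol": "icmp", "service": "ecr_i",    "flag": "SF",  "land": "0", LABEL: "attack"},
]

# Constructed held-out records; the third one carries a service value never
# seen in training, which is exactly where unsmoothed probabilities go to zero.
TEST = [
    {"protocol": "tcp", "service": "private", "flag": "S0", "land": "0", LABEL: "attack"},
    {"protocol": "tcp", "service": "http",    "flag": "SF", "land": "0", LABEL: "normal"},
    {"protocol": "tcp", "service": "ftp",     "flag": "SF", "land": "0", LABEL: "normal"},
]


def entropy(rows):
    """Shannon entropy (bits) of the class label over a set of rows."""
    counts = Counter(r[LABEL] for r in rows)
    n = len(rows)
    return -sum(c / n * log2(c / n) for c in counts.values())


def info_gain(rows, attr):
    """ID3 gain: label entropy minus the size-weighted entropy after splitting on attr."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[attr]].append(r)
    n = len(rows)
    remainder = sum(len(g) / n * entropy(g) for g in groups.values())
    return entropy(rows) - remainder


def select_attributes(rows, min_gain=0.1):
    """Rank attributes by information gain and keep those above an assumed threshold."""
    attrs = [a for a in rows[0] if a != LABEL]
    gains = {a: info_gain(rows, a) for a in attrs}
    ranked = sorted(attrs, key=lambda a: gains[a], reverse=True)
    return [a for a in ranked if gains[a] >= min_gain]


class NaiveBayes:
    """Categorical naive Bayes with add-one (Laplace) smoothing over the chosen attributes."""

    def __init__(self, attrs):
        self.attrs = attrs

    def fit(self, rows):
        self.n = len(rows)
        self.class_counts = Counter(r[LABEL] for r in rows)
        # Distinct values per attribute seen in training; used as the smoothing denominator.
        self.values = {a: {r[a] for r in rows} for a in self.attrs}
        # (attribute, class) -> Counter of attribute values
        self.cond = defaultdict(Counter)
        for r in rows:
            for a in self.attrs:
                self.cond[(a, r[LABEL])][r[a]] += 1
        return self

    def log_posterior(self, row, cls):
        lp = log2(self.class_counts[cls] / self.n)
        for a in self.attrs:
            num = self.cond[(a, cls)][row[a]] + 1          # unseen value -> count 0, still nonzero
            den = self.class_counts[cls] + len(self.values[a])
            lp += log2(num / den)
        return lp

    def predict(self, row):
        return max(self.class_counts, key=lambda c: self.log_posterior(row, c))


def train_and_evaluate(train, test, min_gain=0.1):
    """Select attributes on train, fit the classifier, return (attrs, predictions, accuracy)."""
    attrs = select_attributes(train, min_gain)
    clf = NaiveBayes(attrs).fit(train)
    preds = [clf.predict(r) for r in test]
    acc = sum(p == r[LABEL] for p, r in zip(preds, test)) / len(test)
    return attrs, preds, acc


if __name__ == "__main__":
    for a in [a for a in TRAIN[0] if a != LABEL]:
        print(f"gain({a}) = {info_gain(TRAIN, a):.3f}")
    print(train_and_evaluate(TRAIN, TEST))
```

On this toy set `service` splits the classes perfectly (gain 1.0), `flag` and `protocol` carry partial information, and the constant `land` column has zero gain and is dropped before the classifier is trained. The smoothing matters for the third test record: its `ftp` service never occurs in training, and without add-one smoothing both class posteriors would be zero and the decision would be arbitrary.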
