Combining Naive Bayes and Decision Tree for Adaptive Intrusion Detection
In this paper, a new learning algorithm for adaptive network intrusion
detection using naive Bayesian classifier and decision tree is presented, which
performs balanced detections and keeps false positives at an acceptable level for
different types of network attacks, and eliminates redundant attributes as well
as contradictory examples from training data that make the detection model
complex. The proposed algorithm also addresses some difficulties of data mining
such as handling continuous attributes, dealing with missing attribute values,
and reducing noise in training data. Due to the large volumes of security audit
data as well as the complex and dynamic properties of intrusion behaviours,
several data mining-based intrusion detection techniques have been applied to
network-based traffic data and host-based data in the last decades. However,
there remain various issues that need to be examined in current intrusion
detection systems (IDS). We tested the performance of our proposed algorithm
against existing learning algorithms on the KDD99 benchmark intrusion
detection dataset. The experimental results prove that the proposed algorithm
achieved high detection rates (DR) and significantly reduced false positives (FP)
for different types of network intrusions using limited computational
resources.
Comment: 14 Pages, IJNS
Network intrusion detection with Naïve Bayes Classification and Self Organizing Maps
University of Technology, Sydney. Faculty of Engineering and Information Technology.
In this digital period, the internet has turned into an indispensable wellspring of correspondence in just about every calling. With the expanded use of system engineering, its security has developed to be an exceptionally discriminating issue, as the workstations in distinctive associations hold very private data and touchy information. The system used to screen the system security is known as Network detection. Intrusion detection is to get ambushes against a machine structure. It is a discriminating enhancement great to go part and additionally an element extent of examination. In Information Security, Intrusion recognizable proof is the showing of placing exercises that attempt to deal the protection, respectability or availability of a benefit. It accepts an astoundingly key part in waylay area, security check and framework inspect. One of the vital tests to Intrusion Detection is the issue of misjudgement, misdetection and unsuccessful deficiency of steady response to the strike. In the past years, as the second line of boundary after the firewall, the Intrusion Detection strategy has got speedy progression.
This research work prepares two diverse Machine Learning techniques, both supervised and unsupervised, for Network Intrusion Detection. These techniques are Naïve Bayes (supervised learning) and Self Organizing Maps (unsupervised learning). The KDD Cup 99 dataset is utilized for the Intrusion Detection Problem. As the KDD Cup 99 dataset holds some symbolic attributes and also numeric attributes, two sorts of transformation technique have been utilized for these properties. These are the conditional probabilities conversion technique and the indicator variables transformation. The two machine learning procedures are prepared on both kinds of transformed dataset and afterward their outcomes are looked at with respect to the correctness of intrusion detection.
The Effect of Normalization on Intrusion Detection Classifiers (Naïve Bayes and J48)
Intrusion Detection has become an inevitable area for commercial applications and academic research. Network traffic is typically very high volume and consists of both qualitative and quantitative data with different ranges of values. Raw data needs to be pre-processed before being fed into any learning model, and the most used technique is normalization [1]. Attribute normalization eliminates the dominance of attributes with extreme values by scaling them within the range. However, many intrusion detection methods do not normalize attributes before training and detection [2]. Network traffic data contains features that are qualitative or quantitative in nature and have to be treated differently [3]. This work studies the effect of normalization on Naive Bayes and J48 Decision tree classifiers with the corrected KDDCUP99 and Kyoto 2006+ datasets. A comprehensive approach for normalization for network traffic attributes has been proposed.
Intrusion Detection System using Bayesian Network Modeling
Computer Network Security has become a critical and important issue due to ever increasing cyber-crimes. Cybercrimes span from simple piracy crimes to information theft in international terrorism. Defence security agencies and other militarily related organizations are highly concerned about the confidentiality and access control of the stored data. Therefore, it is really important to investigate Intrusion Detection Systems (IDS) to detect and prevent cybercrimes to protect these systems. This research proposes a novel distributed IDS to detect and prevent attacks such as denial of service, probes, user to root and remote to user attacks. In this work, we propose an IDS based on a Bayesian network classification modelling technique. Bayesian networks are popular for adaptive learning, modelling diverse network traffic data for meaningful classification details. The proposed model has an anomaly based IDS with an adaptive learning process. Therefore, Bayesian networks have been applied to build a robust and accurate IDS. The proposed IDS has been evaluated against the KDD DARPA dataset which was designed for network IDS evaluation. The research methodology consists of four different Bayesian networks as classification models, where each of these classifier models is interconnected and communicates to predict on incoming network traffic data. Each designed Bayesian network model is capable of detecting a major category of attack such as denial of service (DoS). However, all four Bayesian networks work together to pass the information of the classification model to calibrate the IDS system. The proposed IDS shows the ability of detecting novel attacks by continuing learning with different datasets. The testing dataset was constructed by sampling the original KDD dataset to contain a balanced number of attacks and normal connections.
The experiments show that the proposed system is effective in detecting attacks in the test dataset and is highly accurate in detecting all major attacks recorded in the DARPA dataset. The proposed IDS consists of a promising approach for anomaly based intrusion detection in distributed systems. Furthermore, the practical implementation of the proposed IDS system can be utilized to train and detect attacks in live network traffi
Efficient classification using parallel and scalable compressed model and Its application on intrusion detection
In order to achieve high efficiency of classification in intrusion detection,
a compressed model is proposed in this paper which combines horizontal
compression with vertical compression. OneR is utilized as horizontal
compression for attribute reduction, and affinity propagation is employed as
vertical compression to select small representative exemplars from large
training data. So as to be able to computationally compress the larger volume of
training data with scalability, MapReduce based parallelization approach is
then implemented and evaluated for each step of the model compression process
abovementioned, on which common but efficient classification methods can be
directly used. Experimental application study on two publicly available
datasets of intrusion detection, KDD99 and CMDC2012, demonstrates that the
classification using the compressed model proposed can effectively speed up the
detection procedure by up to 184 times, most importantly at the cost of a
minimal accuracy difference of less than 1% on average.