Enhancing network intrusion classification through the Kolmogorov-Smirnov splitting criterion

Journal of Science and Technology, Volume 48, Issue 4, 2010, pp. 50-61

ENHANCING NETWORK INTRUSION CLASSIFICATION THROUGH THE KOLMOGOROV-SMIRNOV SPLITTING CRITERION

THANH-NGHI DO, PHILIPPE LENCA, AND STÉPHANE LALLICH

ABSTRACT

Our investigation aims at detecting network intrusions using decision tree algorithms. Large differences in prior class probabilities of intrusion data have been reported to hinder the performance of decision trees. We propose to replace the Shannon entropy used in tree induction algorithms with a Kolmogorov-Smirnov splitting criterion which locates a Bayes optimal cutpoint of attributes. The Kolmogorov-Smirnov distance based on the cumulative distributions is not degraded by class imbalance. Numerical test results on the KDDCup99 dataset showed that our proposals are attractive for network intrusion detection tasks. The single decision tree gives the best results for minority classes, cost metric and global accuracy compared with the bagged boosting of trees of the KDDCup'99 winner and classical decision tree algorithms using the Shannon entropy. In contrast to the complex model of the KDDCup winner, our decision tree represents inductive rules (IF-THEN) that facilitate human interpretation.

1. INTRODUCTION

Nowadays the increasing pervasiveness of communication between computer networks and the development of the internet transform the way people live, work and play. In addition, the number of intrusions into computer systems is also growing. Therefore, security of computer networks plays a strategic role in modern computer systems.
Many rule-based systems use their rule sets to detect network intrusions. Unfortunately, due to the huge volume of network traffic, coding the rules by security experts becomes difficult and time-consuming. Since machine learning techniques can build intrusion detection models adaptively, this kind of network intrusion detection has significant advantages over rule-based ones. Over the last several years, a growing .
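The abstract's claim that the Kolmogorov-Smirnov distance is not degraded by class imbalance can be checked on a small case. The following is an added example, not code from the paper: it assumes a two-class problem, threshold tests of the form x <= t, the standard two-sample KS statistic over per-class empirical CDFs, and a constructed attribute; all function names are hypothetical.

```python
import math
from collections import Counter

def _thresholds(values):
    """Candidate cutpoints: every distinct value except the largest (test is x <= t)."""
    return sorted(set(values))[:-1]

def ks_split(values, labels):
    """Return (t, D): D = max_t |F_0(t) - F_1(t)| over the per-class empirical CDFs."""
    n = Counter(labels)
    best = (None, -1.0)
    for t in _thresholds(values):
        below = Counter(y for x, y in zip(values, labels) if x <= t)
        d = abs(below[0] / n[0] - below[1] / n[1])
        if d > best[1]:
            best = (t, d)
    return best

def _entropy(counts):
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def entropy_split(values, labels):
    """Return (t, gain): the cutpoint with the highest Shannon information gain."""
    parent = _entropy(Counter(labels).values())
    best = (None, -1.0)
    for t in _thresholds(values):
        left = Counter(y for x, y in zip(values, labels) if x <= t)
        right = Counter(y for x, y in zip(values, labels) if x > t)
        nl, nr = sum(left.values()), sum(right.values())
        gain = parent - (nl * _entropy(left.values()) + nr * _entropy(right.values())) / (nl + nr)
        if gain > best[1]:
            best = (t, gain)
    return best

# Constructed sample: one numeric attribute, class 0 = normal, class 1 = attack.
NORMAL = [1, 2, 3, 4, 5, 6]
ATTACK = [5, 6, 7, 8]

def dataset(normal_copies):
    """Repeat the normal records to raise the imbalance; attack records stay at 4."""
    values = NORMAL * normal_copies + ATTACK
    labels = [0] * (len(NORMAL) * normal_copies) + [1] * len(ATTACK)
    return values, labels

if __name__ == "__main__":
    for copies in (1, 50):
        v, y = dataset(copies)
        print(copies, "KS:", ks_split(v, y), "entropy:", entropy_split(v, y))
```

On this sample both criteria cut at 4 when the classes are 6:4, but at 300:4 the entropy cutpoint moves to 6 while the KS cutpoint and distance are unchanged, because the per-class CDFs do not depend on the class priors.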
