Published in: Journal of Network and Systems Management 4/2008

01.12.2008

Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet

Authors: Satoru Ohta, Ryosuke Kurebayashi, Kiyoshi Kobayashi


Abstract

Machine learning and data mining techniques are often used in network intrusion detection systems. A learning-based intrusion detection system uses a classifier to infer the current state (normal or under attack) from observed traffic attributes. The drawback of learning-based detection is that it produces false positives, each of which costs operator time to investigate. This paper investigates a method for reducing the false positives generated by an intrusion detection system that uses a decision tree as its classifier. It first shows that the information-gain criterion used in previous studies to select the splitting attribute during tree construction is not effective at achieving low false positive rates, since entropy treats a false alarm and a missed attack as errors of equal weight. In place of information gain, the paper proposes a new attribute evaluation function that scores an attribute by taking the relative significance of the two error types into account. The proposed function selects, from the given attribute set, an attribute that suppresses false positives, and its effectiveness is confirmed experimentally. The paper also examines the simpler leaf-rewriting approach (relabeling the leaves of an already constructed tree) as a benchmark. The comparison shows that the proposed attribute evaluation function yields better solutions than leaf rewriting.
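The abstract contrasts information-gain attribute selection with a criterion that weights error types, and benchmarks that criterion against leaf rewriting. The following Python block is an added example, not code from the paper: its cost-weighted criterion (minimum weighted misclassification cost of a one-split tree, a stump) stands in for the paper's evaluation function, whose exact form the abstract does not give. The attribute names, the 3:1 false-positive-to-false-negative cost ratio, and the 100 constructed flow records are all assumptions chosen so that the criteria disagree.

```python
"""Added example: attribute selection for a one-split decision tree (a stump)
on constructed traffic records, comparing plain information gain with a
cost-weighted criterion that treats false positives and false negatives
differently. Attribute names, cost weights and data are assumptions."""
from collections import Counter
from math import log2

ATTACK, NORMAL = "attack", "normal"
ATTRS = ["syn_rate_high", "unique_dst_ports_high"]

# Assumed cost models. EQUAL is what information gain and majority voting
# implicitly use; OPS weights a false alarm three times a missed attack
# (assumption, standing in for the operator time each false alarm consumes).
EQUAL = {"fp": 1, "fn": 1}
OPS = {"fp": 3, "fn": 1}


def make_records():
    """Constructed sample (not real traffic): 10 attack and 90 normal flows.
    The counts are chosen so that the two criteria pick different attributes."""
    def rows(n, syn, ports, label):
        return [{"syn_rate_high": syn, "unique_dst_ports_high": ports,
                 "label": label} for _ in range(n)]
    return (rows(4, 1, 1, ATTACK) + rows(6, 1, 0, ATTACK)
            + rows(5, 1, 0, NORMAL) + rows(85, 0, 0, NORMAL))


def entropy(records):
    """Shannon entropy of the class labels, in bits."""
    n = len(records)
    counts = Counter(r["label"] for r in records).values()
    return -sum(c / n * log2(c / n) for c in counts)


def partition(records, attr):
    """Group records by the value of a (binary) attribute."""
    groups = {}
    for r in records:
        groups.setdefault(r[attr], []).append(r)
    return groups


def information_gain(records, attr):
    """Entropy reduction obtained by splitting on attr (the C4.5 criterion)."""
    n = len(records)
    children = partition(records, attr).values()
    return entropy(records) - sum(len(g) / n * entropy(g) for g in children)


def leaf_label(group, costs):
    """Label a leaf with the class of minimum expected cost.
    With EQUAL costs this is a majority vote; ties go to NORMAL (no alarm)."""
    attacks = sum(r["label"] == ATTACK for r in group)
    normals = len(group) - attacks
    cost_if_attack = costs["fp"] * normals  # every normal flow raises a false alarm
    cost_if_normal = costs["fn"] * attacks  # every attack in the leaf is missed
    return ATTACK if cost_if_attack < cost_if_normal else NORMAL


def error_counts(records, attr, label_costs):
    """(false positives, false negatives) of the stump split on attr,
    with leaves labelled under label_costs."""
    fp = fn = 0
    for group in partition(records, attr).values():
        attacks = sum(r["label"] == ATTACK for r in group)
        normals = len(group) - attacks
        if leaf_label(group, label_costs) == ATTACK:
            fp += normals
        else:
            fn += attacks
    return fp, fn


def stump_cost(records, attr, label_costs, eval_costs):
    """Weighted error cost of the stump on attr: leaves are labelled under
    label_costs, the result is scored under eval_costs."""
    fp, fn = error_counts(records, attr, label_costs)
    return eval_costs["fp"] * fp + eval_costs["fn"] * fn


def best_by_gain(records, attrs):
    """Standard choice: the attribute with the largest information gain."""
    return max(attrs, key=lambda a: information_gain(records, a))


def best_by_cost(records, attrs, costs):
    """Cost-aware choice: the attribute whose stump has the lowest weighted cost."""
    return min(attrs, key=lambda a: stump_cost(records, a, costs, costs))


if __name__ == "__main__":
    R = make_records()
    for a in ATTRS:
        print(f"{a}: gain={information_gain(R, a):.3f} "
              f"(fp, fn) under majority vote={error_counts(R, a, EQUAL)}")
    ig = best_by_gain(R, ATTRS)
    print("information gain picks:", ig, "-> cost", stump_cost(R, ig, EQUAL, OPS))
    print("leaf rewriting on that tree -> cost", stump_cost(R, ig, OPS, OPS))
    cw = best_by_cost(R, ATTRS, OPS)
    print("cost-weighted selection picks:", cw, "-> cost", stump_cost(R, cw, OPS, OPS))
```

Run stand-alone, the block shows that information gain picks syn_rate_high (the larger gain), which under a majority vote raises five false alarms and misses nothing. Relabeling that tree's leaves by cost (leaf rewriting) silences the alarms but misses all ten attacks, while the cost-weighted criterion picks unique_dst_ports_high, which raises no false alarm and misses six attacks, the cheapest outcome under the assumed weights. The ordering of these three results mirrors the abstract's conclusion, but only for this constructed data and cost ratio; with EQUAL weights both criteria agree on syn_rate_high.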

Metadata
Title
Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet
Authors
Satoru Ohta
Ryosuke Kurebayashi
Kiyoshi Kobayashi
Publication date
01.12.2008
Publisher
Springer US
Published in
Journal of Network and Systems Management / Issue 4/2008
Print ISSN: 1064-7570
Electronic ISSN: 1573-7705
DOI
https://doi.org/10.1007/s10922-008-9102-4
