Enhancing network based intrusion detection for imbalanced data
Authors: Engen, V., Vincent, J. and Phalp, K.
Journal: International Journal of Knowledge-Based and Intelligent Engineering Systems
Volume: 12
Issue: 5-6
Pages: 357-367
eISSN: 1875-8827
ISSN: 1327-2314
DOI: 10.3233/kes-2008-125-605
Abstract:The application of machine learning to intrusion detection has been researched for several decades, however, with varying degrees of success. This paper focuses on two common techniques: Multi Layer Perceptrons (MLPs) and Decision Trees (DTs). Previous research on these techniques has produced contradictory results concerning their ability to detect particular classes of intrusion. Some of these contradictions are argued to be a result of properties of the data set used for empirical study, the KDD Cup '99 data set, which poses several challenges to learning algorithms. One particular challenge is considered here, learning from imbalanced data, which is an intrinsic problem to intrusion detection. Empirical results show that both the DT and MLP trained with back propagation obtain very poor classification rates of the minor classes, particularly U2R (User to Root) intrusions; the MLP often being unable to detect this class. An evolutionary neural network is employed, in which several evaluation functions are examined. Two general fitness measures are used, which lead to similar behaviour to training an MLP with back propagation. However, when employing evaluation functions that calculate the fitness proportionally to the instances of each class, thereby avoiding a bias towards the major class(es) in the data set, significantly improved true positive rates are obtained whilst maintaining a low false positive rate. © 2008 - IOS Press and the authors.
Source: Scopus
Enhancing Network Based Intrusion Detection for Imbalanced Data
Authors: Engen, V., Vincent, J. and Phalp, K.T.
Journal: International Journal of Knowledge-Based Intelligent Engineering Systems
Volume: 12
Pages: 357-367
ISSN: 1327-2314
Abstract:The application of machine learning to intrusion detection has been researched for several decades, however, with varying degrees of success. This paper focuses on two common techniques: Multi Layer Perceptrons (MLPs) and Decision Trees (DTs). Previous research on these techniques has produced contradictory results concerning their ability to detect particular classes of intrusion. Some of these contradictions are argued to be a result of properties of the data set used for empirical study, the KDD Cup ’99 data set, which poses several challenges to learning algorithms. One particular challenge is considered here, learning from imbalanced data, which is an intrinsic problem to intrusion detection. Empirical results show that both the DT and MLP trained with back propagation obtain very poor classification rates of the minor classes, particularly U2R (User to Root) intrusions; the MLP often being unable to detect this class. An evolutionary neural network is employed, in which several evaluation functions are examined. Two general fitness measures are used, which lead to similar behaviour to training an MLP with back propagation. However, when employing evaluation functions that calculate the fitness proportionally to the instances of each class, thereby avoiding a bias towards the major class(es) in the data set, significantly improved true positive rates are obtained whilst maintaining a low false positive rate.
Source: Manual
Preferred by: Keith Phalp