A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection
- 456 Downloads
Network intrusion detection research work that employed KDDCup 99 dataset often encounter challenges in creating classifiers that could handle unequal distributed attack categories. The accuracy of a classification model could be jeopardized if the distribution of attack categories in a training dataset is heavily imbalanced where the rare categories are less than 2% of the total population. In such cases, the model could not efficiently learn the characteristics of rare categories and this will result in poor detection rates. In this research, we introduce an efficient and effective approach in dealing with the unequal distribution of attack categories. Our approach relies on the training of cascaded classifiers using a dichotomized training dataset in each cascading stage. The training dataset is dichotomized based on the rare and non-rare attack categories. The empirical findings support our arguments that training cascaded classifiers using the dichotomized dataset provides higher detection rates on the rare categories as well as comparably higher detection rates for the non-rare attack categories as compared to the findings reported in other research works. The higher detection rates are due to the mitigation of the influence from the dominant categories if the rare attack categories are separated from the dataset.
KeywordsNetwork intrusion detection Cascaded classifiers Imbalanced dataset
Unable to display preview. Download preview PDF.
- 1.Conklin A, White GB, Cothren C, Williams D, Davis RL (2005) Principles of computer security: security + and beyond. McGraw-Hill, New York Google Scholar
- 3.Computer Network Intrusion Detection (1999) ACM KDDCUP. http://www.sigkdd.org/kddcup/
- 13.Peddabachigari S, Abraham A, Thomas J (2004) Intrusion detection systems using decision trees and support vector machines. Int J Appl Sci Comput. doi: 10.1.1.60.4079
- 14.Wang W, Guan X, Zhang X (2004) A novel intrusion detection method based on principle component analysis in computer security. In: Lecture Notes in Computer Science, vol 3174. Springer, Berlin, pp 657–662 Google Scholar
- 31.Khor KC, Ting CY, Phon-Amnuaisuk S (2010) Comparing single and multiple Bayesian classifiers approaches for network intrusion detection. In: Proceedings of international conference on knowledge discovery, vol 2. IEEE Computer Society, Los Alamitos, pp 325–329 Google Scholar
- 37.Khor KC, Ting CY, Phon-Amnuaisuk S (2010) Forming an optimal feature set for classifying network intrusions involving multiple feature selection methods. In: Proceedings of international conference on information retrieval and knowledge management. IEEE Computer Society, Los Alamitos, pp 178–182 Google Scholar