Anomaly Detection with Multinomial Logistic Regression and Naïve Bayesian

  • Nguyen Dai Hai
  • Nguyen Linh Giang
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 240)


Intrusion Detection by automated means is gaining widespread interest due to the serious impact of Intrusions on computer system or network. Several techniques have been introduced in an effort to minimize up to some extent the risk associated with Intrusion attack. In this paper, we have used two novel Machine Learning techniques including Multinomial Logistic Regression and Naïve Bayesian in building Anomaly-based Intrusion Detection System (IDS). Also, we create our own dataset based on four attack scenarios including TCP flood, ICMP flood, UDP flood and Scan port. Then, we will test the system’s ability of detecting anomaly-based intrusion activities using these two methods. Furthermore we will make the comparison of classification performance between the Multinomial Logistic Regression and Naïve Bayesian.


DoS Logistic regression Naïve Bayesian Intrusion detection system 


  1. 1.
    Lippmann R, Haines JW, Fried DJ, Korba J, Das K (2000) The 1999 DARPA off-line intrusion detection evaluation. Comput Netw 34:597–595Google Scholar
  2. 2.
    Stillerman M, Marceau C, Stillman M (1999) Intrusion detection for distributed systems. Commun ACM 42(7):62–69Google Scholar
  3. 3.
    Chang CC, Lin CJ (2009) LIBSVM: a library for support vector machines. Software available at 18th November 2009
  4. 4.
    Anderson J (1980) Computer security threat monitoring and surveillance. James P. Anderson Co, WashingtonGoogle Scholar
  5. 5.
    Yu Y, Hao H (2007) An ensemble approach to intrusion detection based on improved multi-objective genetic algorithm. J Softw 18(6):1369–1378CrossRefGoogle Scholar
  6. 6.
    Luo J, Bridges SM (2000) Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection. Int J Intell Syst 15(8):687–703CrossRefMATHGoogle Scholar
  7. 7.
    Barbard D, Wu N, Jajodia S (2001) Detecting novel network intrusions using bayes estimator. In: Proceeding of the 1st SIAM international conference on data miningGoogle Scholar
  8. 8.
    Kuchimanchi G, Phoha V, Balagani K, Gaddam S (2004) Dimension reduction using feature extraction methods for real-time misuse detection systems. In: Fifth annual IEEE proceedings of information assurance workshop, pp 195–202Google Scholar
  9. 9.
    Han J, Kamber M, (2012) Data mining: concepts and techniques. Elsevier, San Francisco Google Scholar
  10. 10.
    Garcia-Teodoro P, Díaz-Verdejo JE, Maciá-Fernández G, Vázquez E (2009) Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secur 28(1–2):18–28 Google Scholar
  11. 11.
    Phoha VV (2002) The springer dictionary of internet security. Springer, New YorkGoogle Scholar
  12. 12.
    Vapnik VN (1999) Statistical learning theory. Wiley-Interscience, New YorkGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht(Outside the USA) 2013

Authors and Affiliations

  1. 1.School of Information and Communication TechnologyHanoi University of Science and TechnologyHanoiVietnam
  2. 2.Department of Communication and Computer NetworksHanoi University of Science and TechnologyHanoiVietnam

Personalised recommendations