A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier

Koç, L. Yasemin; Mazzuchi, Thomas A.; Sarkani, Shahram

doi:10.1016/j.eswa.2012.07.009

Cited by 293 publications

(113 citation statements)

References 33 publications

Supporting

Mentioning

109

Contrasting

Unclassified

Order By: Relevance

“…However, it should be noted that in [2], the test data has been selected randomly, while in this study the whole test dataset has been used. With respect to CPE, this approach can achieve as low as 0.056, which is remarkably better than 0.233, 0.181, and 0.222, which are the CPE's reported in [2], [40] and [25], respectively. However, it does not demonstrate an acceptable False Alarm Rate (FAR).…”

Section: Hybrid Model and Experimental Resultsmentioning

confidence: 79%

See 1 more Smart Citation

Design of Multilevel Hybrid Classifier with Variant Feature Sets for Intrusion Detection System

Akyol

Hacıbeyoğlu

Karlık

2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYWith the increase of network components connected to the Internet, the need to ensure secure connectivity is becoming increasingly vital. Intrusion Detection Systems (IDSs) are one of the common security components that identify security violations. This paper proposes a novel multilevel hybrid classifier that uses different feature sets on each classifier. It presents the Discernibility Function based Feature Selection method and two classifiers involving multilayer perceptron (MLP) and decision tree (C4.5). Experiments are conducted on the KDD'99 Cup and ISCX datasets, and the proposal demonstrates better performance than individual classifiers and other proposed hybrid classifiers. The proposed method provides significant improvement in the detection rates of attack classes and Cost Per Example (CPE) which was the primary evaluation method in the KDD'99

show abstract

Section: Hybrid Model and Experimental Resultsmentioning

confidence: 79%

“…Even though there are some limitations mentioned in [13], this dataset is still the most used dataset in IDS related papers [22]- [24] and is considered to be a classic challenge for IDS [25]. Because of the wide usage of the KDD Cup'99, it brings the opportunity to compare the results with many other studies.…”

Section: The Kdd Cup'99 Datasetmentioning

confidence: 99%

Design of Multilevel Hybrid Classifier with Variant Feature Sets for Intrusion Detection System

Akyol

Hacıbeyoğlu

Karlık

2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…Similarly, augmenting SVDDs with labeled data has been observed to greatly improve detection accuracy (Görnitz et al 2013). Other work has studied SVMs (Khan et al 2007;Li et al 2012) and other classification methods (Koc et al 2012;Peddabachigari et al 2007;Gharibian and Ghorbani 2007).…”

Section: Discussion and Related Workmentioning

confidence: 99%

Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers

Dick

Scheffer

2016

Mach Learn

View full text Add to dashboard Cite

We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structuredprediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service.

show abstract

“…The performance of this approach was shown to have high detection and low false alarm rates. In [4], a multiple classifier intrusion detection model was presented, which was based on a new data mining method called hidden Naive Bayesian. This method was better than other models, but it only had a high detection rate for the DoS (the denial of service) attack while the other attack detection accuracy was not high.…”

Section: Introductionmentioning

confidence: 99%

Network Attack Classification and Recognition Using HMM and Improved Evidence Theory

Luo¹,

Wen²,

Xiang³

2016

ijacsa

View full text Add to dashboard Cite

Abstract-In this paper, a decision model of fusion classification based on HMM-DS is proposed, and the training and recognition methods of the model are given. As the pure HMM classifier can't have an ideal balance between each model with a strong ability to identify its target and the maximum difference between models. So in this paper, the results of HMM are integrated into the DS framework, and HMM provides state probabilities for DS. The output of each hidden Markov model is used as a body of evidence. The improved evidence theory method is proposed to fuse the results and encounter drawbacks of the pure HMM for improving classification accuracy of the system. We compare our approach with the traditional evidence theory method, other representative improved DS methods, pure HMM method and common classification methods. The experimental results show that our proposed method has a significant practical effect in improving the training process of network attack classification with high accuracy.

show abstract

A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier

Cited by 293 publications

References 33 publications

Design of Multilevel Hybrid Classifier with Variant Feature Sets for Intrusion Detection System

Design of Multilevel Hybrid Classifier with Variant Feature Sets for Intrusion Detection System

Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers

Network Attack Classification and Recognition Using HMM and Improved Evidence Theory

Contact Info

Product

Resources

About