Detecting Known and Novel Network Intrusions

Bouzida, Yacine; Cuppens, Frédéric

doi:10.1007/0-387-33406-8_22

Cited by 17 publications

(9 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As reported by Bouzida, one of the attacks in the R2L category (Snmpgetattack), was undistinguishable from the normal network traffic [40]. This was due to the fact that none of the 41 attributes in the datasets was able to differentiate this attack from the normal network traffic.…”

Section: Resultsmentioning

confidence: 90%

A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection

2010

View full text Add to dashboard Cite

Network intrusion detection research work that employed KDDCup 99 dataset often encounter challenges in creating classifiers that could handle unequal distributed attack categories. The accuracy of a classification model could be jeopardized if the distribution of attack categories in a training dataset is heavily imbalanced where the rare categories are less than 2% of the total population. In such cases, the model could not efficiently learn the characteristics of rare categories and this will result in poor detection rates. In this research, we introduce an efficient and effective approach in dealing with the unequal distribution of attack categories. Our approach relies on the training of cascaded classifiers using a dichotomized training dataset in each cascading stage. The training dataset is dichotomized based on the rare and non-rare attack categories. The empirical findings support our arguments that training cascaded classifiers using the dichotomized dataset provides higher detection rates on the rare categories as well as comparably higher detection rates for the non-rare attack categories as compared to the findings reported in other research works. The higher detection rates are due to the mitigation of the influence from the dominant categories if the rare attack categories are separated from the dataset.

show abstract

Section: Resultsmentioning

confidence: 90%

A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection

2010

View full text Add to dashboard Cite

show abstract

“…The KDD dataset has been found to have a number of drawbacks [8], [9]. Thus the testing results do not reflect the behaviour of the algorithm in a real-world environment.…”

Section: Initial Testing and Resultsmentioning

confidence: 99%

“…This occurs partially due to the known drawback of the dataset, i.e. the dataset is proven to possess connections with absolutely the same or very similar feature values, but with different labels [8]. However, all the drawbacks are expected to be mitigated through the influence of the security expert.…”

Section: Initial Testing and Resultsmentioning

confidence: 99%

Unsupervised Genetic Algorithm Deployed for Intrusion Detection

Banković

Bojanić

Nieto

et al. 2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. This paper represents the first step in an on-going work for designing an unsupervised method based on genetic algorithm for intrusion detection. Its main role in a broader system is to notify of an unusual traffic and in that way provide the possibility of detecting unknown attacks. Most of the machinelearning techniques deployed for intrusion detection are supervised as these techniques are generally more accurate, but this implies the need of labeling the data for training and testing which is time-consuming and error-prone. Hence, our goal is to devise an anomaly detector which would be unsupervised, but at the same time robust and accurate. Genetic algorithms are robust and able to avoid getting stuck in local optima, unlike the rest of clustering techniques. The model is verified on KDD99 benchmark dataset, generating a solution competitive with the solutions of the state-of-the-art which demonstrates high possibilities of the proposed method.

show abstract

“…normal and intrusive data, which has become a common approach when adopting machine learning techniques [7,8,22,69,76,87].…”

mentioning

confidence: 99%

“…This paper focuses on the KDD Cup '99 data set, which, as discussed in the Section 2, does not inherit all of the issues with the DARPA data, although it has introduced additional methodological factors that affect the results [7,8,77]. Due to the ready availability of the KDD Cup '99 data set, it is straightforward to evaluate machine learning algorithms for intrusion detection, since no preprocessing of raw data is necessary to extract usable feature vectors.…”

mentioning

confidence: 99%

Exploring discrepancies in findings obtained with the KDD Cup '99 data set

Engen

Vincent

Phalp

2011

IDA

View full text Add to dashboard Cite

The KDD Cup '99 data set has been widely used to evaluate intrusion detection prototypes, most based on machine learning techniques, for nearly a decade. The data set served well in the KDD Cup '99 competition to demonstrate that machine learning can be useful in intrusion detection systems. However, there are discrepancies in the findings reported in the literature. Further, some researchers have published criticisms of the data (and the DARPA data from which the KDD Cup '99 data has been derived), questioning the validity of results obtained with this data. Despite the criticisms, researchers continue to use the data due to a lack of better publicly available alternatives. Hence, it is important to identify the value of the data set and the findings from the extensive body of research based on it, which has largely been ignored by the existing critiques. This paper reports on an empirical investigation, demonstrating the impact of several methodological differences in the publicly available subsets, which uncovers several underlying causes of the discrepancy in the results reported in the literature. These findings allow us to better interpret the current body of research, and inform recommendations for future use of the data set.

show abstract

Detecting Known and Novel Network Intrusions

Cited by 17 publications

References 3 publications

A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection

A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection

Unsupervised Genetic Algorithm Deployed for Intrusion Detection

Exploring discrepancies in findings obtained with the KDD Cup '99 data set

Contact Info

Product

Resources

About