Naive Bayes vs decision trees in intrusion detection systems

Amor, Nahla Ben; Benferhat, Salem; Elouedi, Zied

doi:10.1145/967900.967989

Cited by 355 publications

(185 citation statements)

References 3 publications

Supporting

Mentioning

162

Contrasting

Unclassified

Order By: Relevance

“…We treat shilling attack detection as the problem of classification, which is to make a classification between normal users and attacker. Therefore, in this paper, we exploit classification algorithms [31] as the basic model and get the final detection method called Pop-SAD. Pop-SAD is trained on both collected normal user profiles and attacker profiles, and it is able to classify a new user as a normal user or attacker.…”

Section: Detection Of Attackersmentioning

confidence: 99%

Shilling Attack Detection in Recommender Systems via Selecting Patterns Analysis

Gao

Hua

et al. 2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYCollaborative filtering (CF) has been widely used in recommender systems to generate personalized recommendations. However, recommender systems using CF are vulnerable to shilling attacks, in which attackers inject fake profiles to manipulate recommendation results. Thus, shilling attacks pose a threat to the credibility of recommender systems. Previous studies mainly derive features from characteristics of item ratings in user profiles to detect attackers, but the methods suffer from low accuracy when attackers adopt new rating patterns. To overcome this drawback, we derive features from properties of item popularity in user profiles, which are determined by users' different selecting patterns. This feature extraction method is based on the prior knowledge that attackers select items to rate with man-made rules while normal users do this according to their inner preferences. Then, machine learning classification approaches are exploited to make use of these features to detect and remove attackers. Experiment results on the MovieLens dataset and Amazon review dataset show that our proposed method improves detection performance. In addition, the results justify the practical value of features derived from selecting patterns.

show abstract

Section: Detection Of Attackersmentioning

confidence: 99%

Shilling Attack Detection in Recommender Systems via Selecting Patterns Analysis

Gao

Hua

et al. 2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…On the other hand, the clustering methods consider the features independently and are unable to capture the relationship between different features of single record, which further degrades attack detection accuracy. Amor et al [6] used Naïve Bayes classifiers for intrusion detection. The authors make strict independence assumption between the features in an observation resulting in lower attack detection accuracy when the features are correlated, which is often the case for intrusion detection.…”

Section: Related Workmentioning

confidence: 99%

“…The idea of decision trees have also used for intrusion detection [6]. It generally has high speed of operation and high attack detection accuracy.…”

Section: Related Workmentioning

confidence: 99%

A novel statistical technique for intrusion detection systems

Kabir

Wang

et al. 2018

Future Generation Computer Systems

180

View full text Add to dashboard Cite

This paper proposes a novel approach for intrusion detection system based on sampling with Least Square Support Vector Machine (LS-SVM). Decision making is performed in two stages. In the first stage, the whole dataset is divided into some predetermined arbitrary subgroups. The proposed algorithm selects representative samples from these subgroups such that the samples reflect the entire dataset. An optimum allocation scheme is developed based on the variability of the observations within the subgroups. In the second stage, least square support vector machine (LS-SVM) is applied to the extracted samples to detect intrusions. We call the proposed algorithm as optimum allocation-based least square support vector machine (OA-LS-SVM) for IDS. To demonstrate the effectiveness of the proposed method, the experiments are carried out on KDD 99 database which is considered a de facto benchmark for evaluating the performance of intrusions detection algorithm. All binary-classes and multiclass are tested and our proposed approach obtains a realistic performance in terms of accuracy and efficiency. Finally a way out is also shown the usability of the proposed algorithm for incremental datasets.

show abstract

“…A social event of estimations and recognitions are enhanced circumstances and the nearness of data in a collection. A few bundling computations are: k-Means [6], Agglomerative Hierarchical gathering &request and DBSCAN [7]. k-implies has been utilized in the proposed study.…”

Section: Module 2: Clusteringmentioning

confidence: 99%

Reduction of False Alarm Rate by using K-NN and Naive Bayes: A Review

Datta¹,

Kumar²,

Bhardwaj³

2017

IJCA

View full text Add to dashboard Cite

Interruption location is basic in orchestrate security. Most present framework interruption location structures (NIDSs) employ either misuse recognition or anomaly discovery. In any case, misuse recognition can't recognize darken interruptions, and anomaly location generally has high false positive rate. To overcome the imperatives of the two techniques, they intertwine both anomaly and misuse recognition into the NIDS. This paper presents a hybrid interruption recognition framework based on the combination of k-Means and two classifiers which are K-nearest neighbor and Naive Bayes. This paper includes picking features using an entropy based segment assurance computation that uses imperative properties and expels the irredundant qualities. The whole observation in this study is performed on KDD-99 Data set which is accepted at world level for surveying execution of various interruption recognition frameworks. The consequent stage is grouping stage using k-Means. The proposed framework can recognize all interruptions and categorize them into four segments: Denial of Service, User to Root, Remote to nearby and test. The main goal is to minimize the false ready rate of IDS.

show abstract

Naive Bayes vs decision trees in intrusion detection systems

Cited by 355 publications

References 3 publications

Shilling Attack Detection in Recommender Systems via Selecting Patterns Analysis

Shilling Attack Detection in Recommender Systems via Selecting Patterns Analysis

A novel statistical technique for intrusion detection systems

Reduction of False Alarm Rate by using K-NN and Naive Bayes: A Review

Contact Info

Product

Resources

About