Design of multiple-level hybrid classifier for intrusion detection system using Bayesian clustering and decision trees

Pattern Recognition Letters

Volumn 29, Issue 7, 2008, Pages 918-924

  Xiang, Cheng ^a   Yong, Png Chin ^a   Meng, Lim Swee ^a  

^a NATIONAL UNIVERSITY OF SINGAPORE   (Singapore)

Author keywords

Bayesian clustering; Decision tree; False negative; False positive; Intrusion detection system (IDS)

Indexed keywords

BAYESIAN NETWORKS; CLUSTER ANALYSIS; DATA ACQUISITION; DECISION TREES; UNSUPERVISED LEARNING;

BAYESIAN CLUSTERING; FALSE NEGATIVE; FALSE POSITIVE;

INTRUSION DETECTION;

EID: 40849099949     PISSN: 01678655     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.patrec.2008.01.008     Document Type: Article

References (28)

1. Agrawal, R., Imielinski, T., Swami, A., 1993. Mining association rules between sets of items in large databases. In: Proc. 1993 ACM SIGMOD Internat. Conf. on Management of Data (SIGMOD'93, Washington, DC, May 26-28), pp. 207-216.
2. AutoClass C - General Information. .
3. Axelsson, S., 2000. Intrusion detection systems: A taxonomy and survey, Technical Report 99-14, Dept. of Computer Engineering, Chalmers University of Technology, Sweden.
4. Bouzida, Y., Cuppens, F., 2006. Detecting known and novel network intrusions. In: Proc. IFIP TC-11 21st Internat. Information Security Conf. (SEC 2006), pp. 258-270.
5. Cabrera, J.B.D., Mehra, R.K., 2002. Control and estimation methods in information assurance - a tutorial on intrusion detection systems. In: Proc. 41st IEEE Conf. on Decision and Control, pp. 1402-1407.
6. Chan, P.K., Stolfo, S.J., 1993. Toward parallel and distributed learning by meta-learning. In: Proc. AAAI Workshop on Knowledge Discovery in Database, pp. 227-240.
7. Cheeseman, P., Kelly, J., Self, M., Stutz, J., Taylor, W., Freeman, D., 1988. AutoClass: A Bayesian classification system. In: Proc. Fifth Internat. Conf. on Machine Learning.
8. Denning D. An intrusion detection model. IEEE Trans. Software Eng. 13 2 (1987) 222-232
9. Depren O., Topllar M., Anarim E., and Ciliz M.K. An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Syst. Appl. 29 (2005) 713-722
10. Giacinto G., Roli F., and Didaci L. Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recognition Lett. 24 (2003) 1795-1803
11. Hwang K., Cai M., Chen Y., and Qin M. Hybrid intrusion detection with weighted signature generation over anomalous internet episodes. IEEE Trans. Depend. Secure Comput. 4 (2007) 41-55
12. Julisch K. Clustering intrusion detection alarms to support root cause analysis. ACM Trans. Inform. Syst. Security 6 (2003) 443-471
13. KDD Cup, 1999. Data, Information and Computer Science, University of California, Irvine. .
14. Lee W., and Stolfo S.J. A framework for constructing features and models for intrusion detection systems. ACM Trans. Inform. Syst. Security 3 4 (2000) 227-261
15. Levin I. KDD-99 classifier learning contest LLSoft's results overview. SIGKDD Explor. ACM SIGKDD (2000)
16. Lippmann R.P., Fried D.J., Graf I., Haines J.W., Kendall K.R., McClung D., Weber D., Webster S.E., Wyschogrod D., Cunningham R.K., and Zissman M.A. Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. Proc. 2000 DARPA Inform. Survivability Conference and Exposition (DISCEX) vol. 2 (2000), IEEE Computer Society Press, Los Alamitos, CA 12-26
17. Lunt, T., 1988. Automated audit trail analysis and intrusion detection: A survey. In: Proc. 11th National Computer Security Conference, pp. 65-73.
18. Mannilla, H., Toivonen, H., Verkamo, A.I., 1995. Discovering frequent episodes in sequences. In: Proc. 1st Internat. Conf. on Knowledge Discovery in Databases and Data Mining.
19. Mukkamala R.K., Gagnon J., and Jajodia S. Integrated data mining techniques with intrusion detection. In: Atluri V., and Hale J. (Eds). Research Advances in Database and Information Systems Security (2000), Kluwer Publisher 33-46
20. Pan, Z.S., Chen, S.C., Hu, G.B., Zhang, D.Q., 2003. Hybrid neural network and C4.5 for misuse detection. In: Proc. 2003 Internat. Conf. on Machine Learning and Cybernetics, vol. 4, pp. 2463-2467.
21. Peddabachigari S., Abraham A., Grosan C., and Thomas J. Modelling intrusion detection system using hybrid systems. J. Network Comput. Appl. 30 (2007) 114-132
22. Petrovic, S., Alvarez, G., Orfila, A., Carbo, J., 2006. Labelling clusters in an intrusion detection system using a combination of clustering evaluation techniques. In: Proc. 39th Annual Hawaii Internat. Conf. on System Sciences, pp. 129b-129b.
23. Pfahringer B. Winning the KDD99 classification cup: Bagged boosting. SIGKDD Explor. 1 2 (2000) 67-75
24. Quinlan J.R. C4.5: Programs for Machine Learning (1993), Morgan Kauffman
25. Weka 3: Data Mining Software in Java, University of Waikato, New Zealand. .
26. Xiang, C., Chong, M.Y., Zhu, H.L., 2004. Design of multiple-level tree classifiers for intrusion detection system. In: Proc. 2004 IEEE Conf. on Cybernetics and Intelligent Systems, December, Singapore, pp. 872-877.
27. Zanero, S., Savaresi, S.M., 2004. Unsupervised learning techniques for an intrusion detection system. In: Proc. 2004 ACM Symposium on Applied Computing, pp. 412-419.
28. Zhang, J., Zulkernine, M., 2006. A hybrid network intrusion detection technique using random forests. In: Proc. 1st Internat. Conf. on Availability, Reliability and Security, ARES 2006, Vienna, Austria, pp. 262-269.