The application of data mining and machine learning techniques to the network intrusion detection domain has recently gained importance. This paper presents a set of indirect classification techniques for addressing the multi-category classification problem in network intrusion detection. In contrast to indirect classification techniques, direct classification techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect classification technique decomposes the original multi-category problem into multiple binary classification problems based on some criteria. We investigate the one vs. one and one vs. rest approaches for building the binary classifiers, the results of which are then merged using a combining strategy. Three combining strategies are investigated in our study: Hamming decoding, loss-based decoding, and the soft-max function. Consequently, we evaluate six different indirect classification techniques (each of the two binarisation approaches paired with each of the three combining strategies). To our knowledge, there are no existing works that evaluate as many indirect classification techniques. The six indirect classification approaches are investigated and comparatively evaluated in the context of the DARPA KDD 1999 offline intrusion detection project. Our empirical evaluation indicated that, among the binarisation techniques, the one vs. one technique generally yielded better results, while among the combining strategies, the loss-based decoding and Hamming decoding techniques yielded better results than the soft-max function. This study demonstrates the usefulness of the indirect classification approach for network intrusion detection.