Multilayer feedforward networks are universal approximators
Neural Networks
C4.5: programs for machine learning
C4.5: programs for machine learning
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Neural Networks: A Comprehensive Foundation
Neural Networks: A Comprehensive Foundation
Genetic Algorithms in Search, Optimization and Machine Learning
Genetic Algorithms in Search, Optimization and Machine Learning
Machine Learning
Artificial Intelligence: A Guide to Intelligent Systems
Artificial Intelligence: A Guide to Intelligent Systems
Evolution strategies –A comprehensive introduction
Natural Computing: an international journal
Proceedings of the 3rd International Conference on Genetic Algorithms
Neural Networks: Tricks of the Trade, this book is an outgrowth of a 1996 NIPS workshop
Intrusion Detection Applying Machine Learning to Solaris Audit Data
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Results of the KDD'99 classifier learning
ACM SIGKDD Explorations Newsletter
Winning the KDD99 classification cup: bagged boosting
ACM SIGKDD Explorations Newsletter
Naive Bayes vs decision trees in intrusion detection systems
Proceedings of the 2004 ACM symposium on Applied computing
Editorial: special issue on learning from imbalanced data sets
ACM SIGKDD Explorations Newsletter - Special issue on learning from imbalanced datasets
Class imbalances versus small disjuncts
ACM SIGKDD Explorations Newsletter - Special issue on learning from imbalanced datasets
Intrusion Detection and Correlation: Challenges and Solutions
Intrusion Detection and Correlation: Challenges and Solutions
Decision tree classifier for network intrusion detection with GA-based feature selection
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Modeling intrusion detection system using hybrid intelligent systems
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
Experimental perspectives on learning from imbalanced data
Proceedings of the 24th international conference on Machine learning
Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set
Intelligent Data Analysis
Expert Systems with Applications: An International Journal
Exploring discrepancies in findings obtained with the KDD Cup '99 data set
Intelligent Data Analysis
Predicting high-risk program modules by selecting the right software measurements
Software Quality Control
A hybrid PSO-FSVM model and its application to imbalanced classification of mammograms
ACIIDS'13 Proceedings of the 5th Asian conference on Intelligent Information and Database Systems - Volume Part I
Hi-index | 0.01 |
The application of machine learning to intrusion detection has been researched for several decades, however, with varying degrees of success. This paper focuses on two common techniques: Multi Layer Perceptrons (MLPs) and Decision Trees (DTs). Previous research on these techniques has produced contradictory results concerning their ability to detect particular classes of intrusion. Some of these contradictions are argued to be a result of properties of the data set used for empirical study, the KDD Cup '99 data set, which poses several challenges to learning algorithms. One particular challenge is considered here, learning from imbalanced data, which is an intrinsic problem to intrusion detection. Empirical results show that both the DT and MLP trained with back propagation obtain very poor classification rates of the minor classes, particularly U2R (User to Root) intrusions; the MLP often being unable to detect this class. An evolutionary neural network is employed, in which several evaluation functions are examined. Two general fitness measures are used, which lead to similar behaviour to training an MLP with back propagation. However, when employing evaluation functions that calculate the fitness proportionally to the instances of each class, thereby avoiding a bias towards the major class(es) in the data set, significantly improved true positive rates are obtained whilst maintaining a low false positive rate.