Discernibility analysis and accuracy improvement of machine learning algorithms for network intrusion detection

Authors:
Sanping Li;Yan Luo
Affiliations:
Department of Electrical and Computer Engineering, University of Massachusetts Lowell, Lowell, MA;Department of Electrical and Computer Engineering, University of Massachusetts Lowell, Lowell, MA
Venue:
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Year:
2009

Citing 12
Cited 0

C4.5: programs for machine learning

C4.5: programs for machine learning
Rough Sets: Theoretical Aspects of Reasoning about Data

Rough Sets: Theoretical Aspects of Reasoning about Data
Internet traffic classification using bayesian analysis techniques

SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification

ACM SIGCOMM Computer Communication Review
Improving Intrusion Detection Performance Using Rough Set Theory and Association Rule Mining

ICHIT '06 Proceedings of the 2006 International Conference on Hybrid Information Technology - Volume 02
A hybrid machine learning approach to network anomaly detection

Information Sciences: an International Journal
Application of Rough Set Theory to Intrusion Detection System

GRC '07 Proceedings of the 2007 IEEE International Conference on Granular Computing
PCAV: internet attack visualization on parallel coordinates

ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
A survey of techniques for internet traffic classification using machine learning

IEEE Communications Surveys & Tutorials
Evolutionary neural networks for anomaly detection based on the behavior of a program

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
An Automatically Tuning Intrusion Detection System

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
AdaBoost-Based Algorithm for Network Intrusion Detection

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network intrusion detection based on machine learning algorithms has demonstrated high performance in execution time and overall classification accuracy. However, very poor identification skill is showed for certain specific attack types, especially for the unknown attack types appeared in the test data only. We use the Parallel Coordinates Plot (PCP), one kind of visualization technique for multi-dimension data analysis, to comparatively analyze the data distribution characteristic for both training and test datasets. On the other hand, we make use of rough sets theory to investigate the discernibility in respect of whole training dataset, randomly sampled dataset and reduct attributes set. Furthermore, based on the higher classification accuracy for data with unknown attack types by using rough sets method, the decision rules extracted from both C4.5 and rough sets method are combined to improve the detection capability of classification model.