Effectiveness evaluation of data mining based IDS

Authors:
Agustín Orfila;Javier Carbó;Arturo Ribagorda
Affiliations:
Computer Science Department, Carlos III University of Madrid, Leganés, Spain;Computer Science Department, Carlos III University of Madrid, Leganés, Spain;Computer Science Department, Carlos III University of Madrid, Leganés, Spain
Venue:
ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining
Year:
2006

Citing 15
Cited 0

Explicitly representing expected cost: an alternative to ROC representation

Proceedings of the sixth ACM SIGKDD international conference on Knowledge discovery and data mining
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Fusion of multiple classifiers for intrusion detection in computer networks

Pattern Recognition Letters
Intrusion Detection Testing and Benchmarking Methodologies

IEEE-IWIA '03 Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03)
Evaluation of Intrusion Detectors: A Decision Theory Approach

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A Decision Analysis Method for Evaluating Computer Intrusion Detection Systems

Decision Analysis
Machine Learning and Data Mining in Pattern Recognition: 4th International Conference, MLDM 2005, Leipzig, Germany, July 9-11, 2005, Proceedings (Lecture ... / Lecture Notes in Artificial Intelligence)

Machine Learning and Data Mining in Pattern Recognition: 4th International Conference, MLDM 2005, Leipzig, Germany, July 9-11, 2005, Proceedings (Lecture ... / Lecture Notes in Artificial Intelligence)
Machine Learning and Data Mining for Computer Security: Methods and Applications (Advanced Information and Knowledge Processing)

Machine Learning and Data Mining for Computer Security: Methods and Applications (Advanced Information and Knowledge Processing)
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)

Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Alarm clustering for intrusion detection systems in computer networks

MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
Signature-Based approach for intrusion detection

MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
Learning intrusion detection: supervised or unsupervised?

ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Data mining has been widely applied to the problem of Intrusion Detection in computer networks. However, the misconception of the underlying problem has led to out of context results. This paper shows that factors such as the probability of intrusion and the costs of responding to detected intrusions must be taken into account in order to compare the effectiveness of machine learning algorithms over the intrusion detection domain. Furthermore, we show the advantages of combining different detection techniques. Results regarding the well known 1999 KDD dataset are shown.