A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier

Authors:
Levent Koc;Thomas A. Mazzuchi;Shahram Sarkani
Affiliations:
Department of Engineering Management and Systems Engineering at The George Washington University, Washington, DC, USA;Department of Engineering Management and Systems Engineering at The George Washington University, Washington, DC, USA;Department of Engineering Management and Systems Engineering at The George Washington University, Washington, DC, USA
Venue:
Expert Systems with Applications: An International Journal
Year:
2012

Citing 30
Cited 3

Bagging predictors

Machine Learning
Selection of relevant features and examples in machine learning

Artificial Intelligence - Special issue on relevance
Bayesian Network Classifiers

Machine Learning - Special issue on learning with probabilistic representations
Improving intrusion detection performance using keyword selection and neural networks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Random Forests

Machine Learning
Discretization: An Enabling Technique

Data Mining and Knowledge Discovery
Feature Selection via Discretization

IEEE Transactions on Knowledge and Data Engineering
SNNB: A Selective Neighborhood Based Naïve Bayes for Lazy Learning

PAKDD '02 Proceedings of the 6th Pacific-Asia Conference on Advances in Knowledge Discovery and Data Mining
Proportional k-Interval Discretization for Naive-Bayes Classifiers

EMCL '01 Proceedings of the 12th European Conference on Machine Learning
Results of the KDD'99 classifier learning

ACM SIGKDD Explorations Newsletter
Consistency-based search in feature selection

Artificial Intelligence
Large-Sample Learning of Bayesian Networks is NP-Hard

The Journal of Machine Learning Research
Toward Integrating Feature Selection Algorithms for Classification and Clustering

IEEE Transactions on Knowledge and Data Engineering
Not So Naive Bayes: Aggregating One-Dependence Estimators

Machine Learning
Application of Data Mining to Network Intrusion Detection: Classifier Selection Model

APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
Data mining-based intrusion detectors

Expert Systems with Applications: An International Journal
A Novel Bayes Model: Hidden Naive Bayes

IEEE Transactions on Knowledge and Data Engineering
Searching for interacting features

IJCAI'07 Proceedings of the 20th international joint conference on Artifical intelligence
Semi-Naïve Bayesian Method for Network Intrusion Detection System

ICONIP '09 Proceedings of the 16th International Conference on Neural Information Processing: Part I
A combination of discretization and filter methods for improving classification performance in KDD Cup 99 dataset

IJCNN'09 Proceedings of the 2009 international joint conference on Neural Networks
An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks

Expert Systems with Applications: An International Journal
A detailed analysis of the KDD CUP 99 data set

CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Weightily averaged one-dependence estimators

PRICAI'06 Proceedings of the 9th Pacific Rim international conference on Artificial intelligence
An analysis of Bayesian classifiers

AAAI'92 Proceedings of the tenth national conference on Artificial intelligence
Feature selection and classification in multiple class datasets: An application to KDD Cup 99 dataset

Expert Systems with Applications: An International Journal
Evaluating Learning Algorithms: A Classification Perspective

Evaluating Learning Algorithms: A Classification Perspective
Data Mining: Practical Machine Learning Tools and Techniques

Data Mining: Practical Machine Learning Tools and Techniques
Induction of selective Bayesian classifiers

UAI'94 Proceedings of the Tenth international conference on Uncertainty in artificial intelligence
Locally weighted naive bayes

UAI'03 Proceedings of the Nineteenth conference on Uncertainty in Artificial Intelligence
Random-Forests-Based Network Intrusion Detection Systems

IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews

Hybrid decision tree and naïve Bayes classifiers for multi-class classification tasks

Expert Systems with Applications: An International Journal
Probabilistic fault detector for Wireless Sensor Network

Expert Systems with Applications: An International Journal
A novel intrusion detection system based on feature generation with visualization strategy

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	12.06

Visualization

Abstract

With increasing Internet connectivity and traffic volume, recent intrusion incidents have reemphasized the importance of network intrusion detection systems for combating increasingly sophisticated network attacks. Techniques such as pattern recognition and the data mining of network events are often used by intrusion detection systems to classify the network events as either normal events or attack events. Our research study claims that the Hidden Naive Bayes (HNB) model can be applied to intrusion detection problems that suffer from dimensionality, highly correlated features and high network data stream volumes. HNB is a data mining model that relaxes the Naive Bayes method's conditional independence assumption. Our experimental results show that the HNB model exhibits a superior overall performance in terms of accuracy, error rate and misclassification cost compared with the traditional Naive Bayes model, leading extended Naive Bayes models and the Knowledge Discovery and Data Mining (KDD) Cup 1999 winner. Our model performed better than other leading state-of-the art models, such as SVM, in predictive accuracy. The results also indicate that our model significantly improves the accuracy of detecting denial-of-services (DoS) attacks.