C4.5: programs for machine learning
C4.5: programs for machine learning
Machine Learning
Toward Integrating Feature Selection Algorithms for Classification and Clustering
IEEE Transactions on Knowledge and Data Engineering
Data Mining: Concepts and Techniques
Data Mining: Concepts and Techniques
An introduction to ROC analysis
Pattern Recognition Letters - Special issue: ROC analysis in pattern recognition
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set
Intelligent Data Analysis
Normalized mutual information feature selection
IEEE Transactions on Neural Networks
Decision Tree Based on Shannon, Rényi and Tsallis Entropies for Intrusion Tolerant Systems
ICIMP '10 Proceedings of the 2010 Fifth International Conference on Internet Monitoring and Protection
Hi-index | 0.00 |
Intrusion Detection Systems of computer networks carry out their detection capabilities observing a set of attributes coming from the network traffic. Such a set may be very large. However, some attributes are irrelevant, redundant or even noisy, so that their usage may also decrease the detection intrusion efficiency. Therefore, the primary problem of identifying an optimal attribute subset is the choice of the criterion to evaluate a given attribute subset. In this work, it is presented an evaluation of Rényi and Tsallis entropy compared with Shannon entropy in order to obtain an optimal attribute subset which increases the detection capability to classify the traffic as normal or as suspicious. Additionally, we studied an ensemble approach that combines the attributes selected by Rényi, Tsallis and Shannon information measures. The empirical results demonstrated that by applying an attribution selection approach based on Rényi or Tsallis entropies not only do the number of attributes and processing time are reduced but also the clustering models can be builded with a better performance (or at least remains the same) than that built with a complete set of attributes.