Wrappers for feature subset selection
Artificial Intelligence - Special issue on relevance
Machine Learning
Consistency Based Feature Selection
PADKK '00 Proceedings of the 4th Pacific-Asia Conference on Knowledge Discovery and Data Mining, Current Issues and New Applications
Anomaly Detection Enhanced Classification in Computer Intrusion Detection
SVM '02 Proceedings of the First International Workshop on Pattern Recognition with Support Vector Machines
Applications of Hidden Markov Models to Detecting Multi-Stage Network Attacks
HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Stateful Intrusion Detection for High-Speed Networks
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Feature Selection for Clustering - A Filter Solution
ICDM '02 Proceedings of the 2002 IEEE International Conference on Data Mining
Pattern Classification (2nd Edition)
Pattern Classification (2nd Edition)
Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set
Intelligent Data Analysis
Quantitative Intrusion Intensity Assessment Using Important Feature Selection and Proximity Metrics
PRDC '09 Proceedings of the 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing
Toward lightweight intrusion detection system through simultaneous intrinsic model identification
ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Fusions of GA and SVM for anomaly detection in intrusion detection system
ISNN'05 Proceedings of the Second international conference on Advances in Neural Networks - Volume Part III
| Hi-index | 0.00 |
One of the main problems of existing approaches in anomaly detection in intrusion detection system (IDS) is that IDSs provide only binary detection result: intrusion (attack) or normal. If some attack data or normal data is belonged to boundary, they may be classified wrongly. That is a main cause of high false rates and inaccurate detection rates in IDS. We propose a new approach named Quantitative Intrusion Intensity Assessment (QIIA) that exploits proximity metrics computation so that it provides intrusion (or normal) quantitative intensity value. It is capable of representing how an instance of audit data is proximal to intrusion or normal in a numerical value. This can identify unknown intrusion and normal pattern more accurately. Prior to applying QIIA to audit data, we perform feature selection and parameter optimization of detection models to decrease the overheads to process audit data and to enhance detection rates. Random Forests is used to generate proximity metrics that represent the intrusion intensity (and normal instance intensity) in a numerical way. The numerical value is used to determine whether unknown audit data are intrusion or normal. We carry out several experiments on KDD 1999 dataset and the experimental results show the feasibility of our approach. Copyright © 2012 John Wiley & Sons, Ltd.