IEEE Transactions on Software Engineering - Special issue on computer security and privacy
International Journal of Man-Machine Studies - Special Issue: Knowledge Acquisition for Knowledge-based Systems. Part 5
Applied multivariate statistical analysis
Applied multivariate statistical analysis
Instance-Based Learning Algorithms
Machine Learning
C4.5: programs for machine learning
C4.5: programs for machine learning
Artificial Intelligence Review - Special issue on lazy learning
Classification by pairwise coupling
NIPS '97 Proceedings of the 1997 conference on Advances in neural information processing systems 10
Mining in a data-flow environment: experience in network intrusion detection
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Data mining: practical machine learning tools and techniques with Java implementations
Data mining: practical machine learning tools and techniques with Java implementations
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Pairwise Classification as an Ensemble Technique
ECML '02 Proceedings of the 13th European Conference on Machine Learning
Generating Accurate Rule Sets Without Global Optimization
ICML '98 Proceedings of the Fifteenth International Conference on Machine Learning
Reducing Multiclass to Binary: A Unifying Approach for Margin Classifiers
ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
The 1998 Lincoln Laboratory IDS Evaluation
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
The Journal of Machine Learning Research
Comparative Assessment of Software Quality Classification Techniques: An Empirical Case Study
Empirical Software Engineering
Assessment of a New Three-Group Software Quality Classification Technique: An Empirical Case Study
Empirical Software Engineering
Enhancing software quality estimation using ensemble-classifier based noise filtering
Intelligent Data Analysis
Solving multiclass learning problems via error-correcting output codes
Journal of Artificial Intelligence Research
Multi-category classification by soft-max combination of binary classifiers
MCS'03 Proceedings of the 4th international conference on Multiple classifier systems
Resource-sensitive intrusion detection models for network traffic
HASE'04 Proceedings of the Eighth IEEE international conference on High assurance systems engineering
Expert Systems with Applications: An International Journal
| Hi-index | 0.00 |
The network intrusion detection domain has seen increased research that exploit data mining and machine learning techniques and principles. Typically, multi-category classification models are built to classify network traffic instances either as normal or belonging to a specific attack category. While many existing works on data mining in intrusion detection have focused on applying direct classification methods, to our knowledge indirect classification techniques have not been investigated for intrusion detection. In contrast to indirect classification techniques, direct classification techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect classification technique decomposes (binarization) the original multi-category problem into multiple binary classification problems. The classification technique used to train the set of binary classification problems is called the {base} classifier. Subsequently, a combining strategy is used to merge the results of the binary classifiers. We investigate two binarization techniques and three combining strategies, yielding six indirect classification methods. This study presents a comprehensive comparative study of five direct classification methods with the thirty indirect classification models (six indirect classification models for each of the five base classifiers). To our knowledge, there are no existing works that evaluate as many indirect classification techniques and compare them with direct classification methods, particularly for network intrusion detection. A case study of the DARPA KDD-1999 offline intrusion detection project is used to evaluate the different techniques. It is empirically shown that certain indirect classification techniques yield better network intrusion detection models.