Data Mining for Network Intrusion Detection: A Comparison of Alternative Methods
Publication Type
Journal Article
Publication Date
2007
Abstract
Intrusion detection systems help network administrators prepare for and deal with network security attacks. These systems collect information from a variety of systems and network sources, and analyze it for signs of intrusion and misuse. A variety of techniques have been employed for analysis, ranging from traditional statistical methods to new data mining approaches. In this study, the performance of three data mining methods in detecting network intrusion is examined. An experimental design is created to evaluate the impact of three data mining methods, two data representation formats, and two data proportion schemes on the classification accuracy of intrusion detection systems. The results indicate that data mining methods and data proportion have a significant impact on classification accuracy. Within data mining methods, rough sets provide better accuracy, followed by neural networks and inductive learning. Balanced data proportion performs better than unbalanced data proportion. There are no major differences in performance between binary and integer data representation.
Keywords
Data Mining, Inductive Learning, Intrusion Detection, Network Security, Neural Networks, Rough Sets, and Telecommunications
Discipline
Computer Sciences | Management Information Systems | Numerical Analysis and Scientific Computing
Research Areas
Information Systems and Management
Publication
Decision Sciences
Volume
32
Issue
4
First Page
635
Last Page
660
ISSN
1540-5915
Identifier
10.1111/j.1540-5915.2001.tb00975.x
Publisher
Wiley
Citation
ZHU, Dan; Premkumar, G.; ZHANG, Xiaoning; and CHU, Chao-Hsien.
Data Mining for Network Intrusion Detection: A Comparison of Alternative Methods. (2007). Decision Sciences. 32, (4), 635-660.
Available at: https://ink.library.smu.edu.sg/sis_research/1764
Additional URL
http://onlinelibrary.wiley.com/doi/10.1111/j.1540-5915.2001.tb00975.x/abstract