|
| This Article | ||
| ||
| Share | ||
| Bibliographic References | ||
| Add to: | ||
 Digg  Furl  Spurl  Blink  Simpy  Google  Del.icio.us  Y!MyWeb | ||
| Search | ||
| ||
Second Annual Conference on Communication Networks and Services Research (CNSR'04)
On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection
Fredericton, N.B., Canada
May 19-May 21
ISBN: 0-7695-2096-0
| ASCII Text | x | ||
| H. G. Kayacik, A. N. Zincir-Heywood, M. I. Heywood, "On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection," Communication Networks and Services Research, Annual Conference on, pp. 181-189, Second Annual Conference on Communication Networks and Services Research (CNSR'04), 2004. | |||
| BibTex | x | ||
| @article{ 10.1109/DNSR.2004.1344727, author = {H. G. Kayacik and A. N. Zincir-Heywood and M. I. Heywood}, title = {On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection}, journal ={Communication Networks and Services Research, Annual Conference on}, volume = {0}, year = {2004}, isbn = {0-7695-2096-0}, pages = {181-189}, doi = {http://doi.ieeecomputersociety.org/10.1109/DNSR.2004.1344727}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, } | |||
| RefWorks Procite/RefMan/Endnote | x | ||
| TY - CONF JO - Communication Networks and Services Research, Annual Conference on TI - On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection SN - 0-7695-2096-0 SP181 EP189 A1 - H. G. Kayacik, A1 - A. N. Zincir-Heywood, A1 - M. I. Heywood, PY - 2004 KW - Security and Protection KW - Unauthorized access KW - Models KW - neural nets KW - Security KW - Design KW - Intrusion detection KW - Self-Organizing Maps VL - 0 JA - Communication Networks and Services Research, Annual Conference on ER - | |||
A critical design decision in the construction of intrusion detection systems is often the selection of features describing the characteristics of the data being learnt. Selecting features often requires a priori or expert knowledge and may lead to the introduction of specific attack biases — intended or otherwise. To this end, summarized network connections from the DARPA 98 Lincoln Labs dataset are employed for training and testing a data driven learning architecture. The learning architecture is composed from a hierarchy of self-organizing feature maps. Such a scheme is entirely unsupervised, thus the quality of the intrusion detection system is directly influenced by the quality of the dataset. Dataset biases are investigated through three different dataset partitions: 10% KDD (default training dataset); normal connections alone; 50/50 mix of attack and normal. The three resulting intrusion detection systems appear to be competitive with the alternative cluster based datamining approaches.
Index Terms:
Security and Protection, Unauthorized access, Models, neural nets, Security, Design, Intrusion detection, Self-Organizing Maps
Citation:
H. G. Kayacik, A. N. Zincir-Heywood, M. I. Heywood, "On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection," cnsr, pp.181-189, Second Annual Conference on Communication Networks and Services Research (CNSR'04), 2004
Usage of this product signifies your acceptance of the Terms of Use.