Issue No. 01 - January-March (2010 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.20
Baikunth Nath, The University of Melbourne, Carlton
Ramamohanarao Kotagiri, The University of Melbourne, Melbourne
Kapil Kumar Gupta, The University of Melbourne, Melbourne
Intrusion detection faces a number of challenges: an intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this paper, we address these two issues of accuracy and efficiency using Conditional Random Fields and the Layered Approach. We demonstrate that high attack detection accuracy can be achieved by using Conditional Random Fields and high efficiency by implementing the Layered Approach. Experimental results on the benchmark KDD '99 intrusion data set show that our proposed system based on Layered Conditional Random Fields outperforms other well-known methods such as decision trees and naive Bayes. The improvement in attack detection accuracy is very high, particularly for the U2R attacks (34.8 percent improvement) and the R2L attacks (34.5 percent improvement). Statistical tests also demonstrate higher confidence in detection accuracy for our method. Finally, we show that our system is robust and is able to handle noisy data without compromising performance.
Intrusion detection, Layered Approach, Conditional Random Fields, network security, decision trees, naive Bayes.
Baikunth Nath, Ramamohanarao Kotagiri, Kapil Kumar Gupta, "Layered Approach Using Conditional Random Fields for Intrusion Detection", IEEE Transactions on Dependable and Secure Computing, vol. 7, no. , pp. 35-49, January-March 2010, doi:10.1109/TDSC.2008.20