Computer Network Intrusion Detection: Machine Learning Approach


Addis Ababa University


The conventional approach to securing computer systems against cyber threats is to design mechanisms such as firewalls, authentication tools, and virtual private networks that create a protective shield. However, these mechanisms almost always have vulnerabilities, which are often caused by careless design and implementation bugs. This has created the need for intrusion detection systems that complement conventional security approaches by monitoring systems and identifying computer attacks. Traditional intrusion detection methods are based on human experts' extensive knowledge of attack signatures, which are character strings in a message's payload that indicate malicious content. These methods have several limitations. They cannot detect novel attacks, because someone must manually revise the signature database beforehand for each new type of intrusion discovered. Once someone discovers a new attack and develops its signature, deploying that signature in all systems is very difficult. The need for efficient detection of newly emerging malicious acts is increasingly important. The limitations of traditional intrusion detection systems and the need for more efficient systems have led to increasing interest in intrusion detection techniques based on data mining. The problem with current research on intrusion detection using data mining approaches is that it tries to minimize the error rate (making the classification decision that minimizes the probability of error) while totally ignoring the cost that could be incurred. However, for many problem domains, the requirement is not merely to predict the most probable class label, since different types of errors carry different costs.
Instances of such problems include authentication, where the cost of allowing unauthorized access can be much greater than that of wrongly denying access to authorized individuals, and intrusion detection, where raising a false alarm has a substantially lower cost than allowing an undetected intrusion. In such cases, it is preferable to make the classification decision that has the minimum cost, rather than the one with the lowest error rate. For this reason, we examine how cost-sensitive classification methods can be used in intrusion detection systems. The performance of the approach is evaluated under different experimental conditions and with different classification models, in comparison with the KDD Cup 99 winner results, in terms of average misclassification cost as well as detection accuracy and false positive rate. Keywords: Intrusion detection, Data mining, Cost sensitive learning.
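The decision rule the abstract contrasts (minimum error rate versus minimum expected cost) can be made concrete with a small worked example. The code below is an added illustration, not code from the thesis: it takes a classifier's posterior probabilities for each record, a cost matrix indexed as cost[true_class][predicted_class], and compares the argmax ("minimum error") decision with the decision that minimises expected cost. The two-class cost matrix and the six records with their probabilities are constructed for illustration (the KDD Cup 99 evaluation uses a five-class cost matrix; the functions here work for any number of classes). The evaluation reports the three metrics named in the abstract: average misclassification cost, accuracy, and false positive rate.

```python
"""Cost-sensitive vs. minimum-error classification decisions (added example)."""
from typing import Callable, Dict, List, Sequence, Tuple

# Class indices: 0 = normal, 1 = intrusion.
# COST[true][pred]: a false alarm (true normal, predicted intrusion) costs 1,
# a missed intrusion (true intrusion, predicted normal) costs 5.
# Constructed values for illustration only, not the KDD Cup 99 matrix.
COST: List[List[float]] = [
    [0.0, 1.0],
    [5.0, 0.0],
]

# Constructed records: (posterior probabilities [P(normal), P(intrusion)], true class).
RECORDS: List[Tuple[Sequence[float], int]] = [
    ([0.90, 0.10], 0),
    ([0.80, 0.20], 0),
    ([0.60, 0.40], 0),
    ([0.70, 0.30], 1),   # an intrusion the model considers unlikely
    ([0.30, 0.70], 1),
    ([0.55, 0.45], 1),   # an intrusion just below the 0.5 threshold
]


def min_error_decision(probs: Sequence[float]) -> int:
    """Minimum-error rule: predict the most probable class (argmax)."""
    return max(range(len(probs)), key=lambda k: probs[k])


def expected_costs(probs: Sequence[float], cost: Sequence[Sequence[float]]) -> List[float]:
    """Expected cost of predicting each class k: sum_j P(j) * cost[j][k]."""
    n = len(probs)
    return [sum(probs[j] * cost[j][k] for j in range(n)) for k in range(n)]


def min_cost_decision(probs: Sequence[float], cost: Sequence[Sequence[float]]) -> int:
    """Cost-sensitive rule: predict the class with the lowest expected cost."""
    ec = expected_costs(probs, cost)
    return min(range(len(ec)), key=lambda k: ec[k])


def evaluate(records: Sequence[Tuple[Sequence[float], int]],
             cost: Sequence[Sequence[float]],
             decide: Callable[[Sequence[float]], int]) -> Dict[str, float]:
    """Average misclassification cost, accuracy and false positive rate of a decision rule."""
    total_cost = 0.0
    correct = 0
    normals = 0
    false_alarms = 0
    for probs, true in records:
        pred = decide(probs)
        total_cost += cost[true][pred]
        correct += int(pred == true)
        if true == 0:
            normals += 1
            false_alarms += int(pred != 0)
    return {
        "avg_cost": total_cost / len(records),
        "accuracy": correct / len(records),
        "false_positive_rate": false_alarms / normals if normals else 0.0,
    }


def compare() -> Tuple[Dict[str, float], Dict[str, float]]:
    """Run both rules over the constructed records; returns (min_error, min_cost) metrics."""
    err = evaluate(RECORDS, COST, min_error_decision)
    cst = evaluate(RECORDS, COST, lambda p: min_cost_decision(p, COST))
    return err, cst


if __name__ == "__main__":
    err, cst = compare()
    print("minimum-error rule :", err)
    print("minimum-cost rule  :", cst)
```

With this cost matrix the cost-sensitive rule flags a record as an intrusion whenever P(intrusion) exceeds 1/6 rather than 1/2, so on the constructed records it raises two extra false alarms but catches all three intrusions: accuracy is unchanged at 4/6, the average cost drops from 10/6 to 2/6, and the false positive rate rises from 0 to 2/3. That trade is exactly the one the abstract argues for, and it is why average misclassification cost, not error rate alone, is the metric used for comparison with the KDD Cup 99 winner.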


