On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection

Fredericton, N.B., Canada May 19-May 21

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DNSR.2004.1344727

Second Annual Conference on Communica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by H. G. Kayacik Articles by A. N. Zincir-Heywood Articles by M. I. Heywood

	ASCII Text	x
	H. G. Kayacik, A. N. Zincir-Heywood, M. I. Heywood, "On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection," Communication Networks and Services Research, Annual Conference on, pp. 181-189, Second Annual Conference on Communication Networks and Services Research (CNSR'04), 2004.

	BibTex	x
	@article{ 10.1109/DNSR.2004.1344727, author = {H. G. Kayacik and A. N. Zincir-Heywood and M. I. Heywood}, title = {On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection}, journal ={Communication Networks and Services Research, Annual Conference on}, volume = {0}, year = {2004}, isbn = {0-7695-2096-0}, pages = {181-189}, doi = {http://doi.ieeecomputersociety.org/10.1109/DNSR.2004.1344727}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Communication Networks and Services Research, Annual Conference on TI - On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection SN - 0-7695-2096-0 SP181 EP189 A1 - H. G. Kayacik, A1 - A. N. Zincir-Heywood, A1 - M. I. Heywood, PY - 2004 KW - Security and Protection KW - Unauthorized access KW - Models KW - neural nets KW - Security KW - Design KW - Intrusion detection KW - Self-Organizing Maps VL - 0 JA - Communication Networks and Services Research, Annual Conference on ER -

H. G. Kayacik, Dalhousie University

A. N. Zincir-Heywood, Dalhousie University

M. I. Heywood, Dalhousie University

A critical design decision in the construction of intrusion detection systems is often the selection of features describing the characteristics of the data being learnt. Selecting features often requires a priori or expert knowledge and may lead to the introduction of specific attack biases — intended or otherwise. To this end, summarized network connections from the DARPA 98 Lincoln Labs dataset are employed for training and testing a data driven learning architecture. The learning architecture is composed from a hierarchy of self-organizing feature maps. Such a scheme is entirely unsupervised, thus the quality of the intrusion detection system is directly influenced by the quality of the dataset. Dataset biases are investigated through three different dataset partitions: 10% KDD (default training dataset); normal connections alone; 50/50 mix of attack and normal. The three resulting intrusion detection systems appear to be competitive with the alternative cluster based datamining approaches.

Index Terms:

Security and Protection, Unauthorized access, Models, neural nets, Security, Design, Intrusion detection, Self-Organizing Maps

Citation:

H. G. Kayacik, A. N. Zincir-Heywood, M. I. Heywood, "On Dataset Biases in a Learning System with Minimum A Priori Information for Intrusion Detection," cnsr, pp.181-189, Second Annual Conference on Communication Networks and Services Research (CNSR'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.