Naive Bayes vs decision trees in intrusion detection systems
Source: Symposium on Applied Computing
Proceedings of the 2004 ACM Symposium on Applied Computing
Nicosia, Cyprus
SESSION: Computer security (SEC)
Pages: 420 - 424  
Year of Publication: 2004
ISBN:1-58113-812-1
Authors
Nahla Ben Amor  Institute Supérieur de Gestion, Le Bardo, Tunisie
Salem Benferhat  Université d'Artois, Rue Jean Souvraz, Lens, Cedex, France
Zied Elouedi  Institute Supérieur de Gestion, Le Bardo, Tunisie
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/967900.967989
ABSTRACT

Bayes networks are powerful tools for decision and reasoning under uncertainty. Naive Bayes is a very simple form of Bayes network that is particularly efficient for inference tasks. However, naive Bayes relies on a very strong independence assumption. This paper offers an experimental study of the use of naive Bayes in intrusion detection. We show that, despite its simple structure, naive Bayes provides very competitive results. The experimental study is done on the KDD'99 intrusion data sets. We consider three levels of attack granularity, depending on whether we deal with whole attacks, group them into four main categories, or focus only on normal and abnormal behaviours. Throughout the experiments, we compare the performance of naive Bayes networks with that of a well-known machine learning technique, the decision tree. Moreover, we compare the good performance of Bayes nets with respect to the existing best results obtained on KDD'99.

