This is the latest version of this eprint.

Abstract

The application of machine learning to intrusion detection has been researched for several decades, however, with varying degrees of success. This paper focuses on two common techniques: Multi Layer Perceptrons (MLPs) and Decision Trees (DTs). Previous research on these techniques has produced contradictory results concerning their ability to detect particular classes of intrusion. Some of these contradictions are argued to be a result of properties of the data set used for empirical study, the KDD Cup ’99 data set, which poses several challenges to learning algorithms. One particular challenge is considered here, learning from imbalanced data, which is an intrinsic problem to intrusion detection. Empirical results show that both the DT and MLP trained with back propagation obtain very poor classification rates of the minor classes, particularly U2R (User to Root) intrusions; the MLP often being unable to detect this class. An evolutionary neural network is employed, in which several evaluation functions are examined. Two general fitness measures are used, which lead to similar behaviour to training an MLP with back propagation. However, when employing evaluation functions that calculate the fitness proportionally to the instances of each class, thereby avoiding a bias towards the major class(es) in the data set, significantly improved true positive rates are obtained whilst maintaining a low false positive rate.

Available Versions of this Item

• Are Multi Layer Perceptrons Unsuitable for Network Based Misuse Detection? (deposited 18 Jan 2009 17:11)
  • Enhancing Network Based Intrusion Detection for Imbalanced Data. (deposited 11 Sep 2009 13:27) [Currently Displayed]