Proceedings Article

Improvement in minority attack detection with skewness in network traffic

Ciza Thomas, N. Balakrishnan

IISc (India)

Proc. SPIE 6973, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008, 69730N (March 17, 2008); doi:10.1117/12.785623
From Conference Volume 6973

  • Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008
  • Belur V. Dasarathy
  • Orlando, FL | March 16, 2008

Abstract

The acceptability and usability of Intrusion Detection Systems are seriously affected by data skewness in network traffic. A large number of false alarms weighs heavily on the acceptability of Intrusion Detection Systems. The reason for the increase in false alerts is that normal traffic abounds. Even with highly accurate Intrusion Detection Systems, the effective detection rate of the minority attack types will be unacceptably low, and those attack types are often the most serious ones. Thus high accuracy is not necessarily an indicator of high model quality, and therein lies the accuracy paradox of predictive analytics. The cost of missing an attack is higher than the cost of false alarms. The data-dependent sensor fusion architecture presented in this paper learns from the data and then weights the decisions of the various Intrusion Detection Systems accordingly. The fusion enriches these weighted decisions to provide a single decision, which is better than those of the existing Intrusion Detection Systems. This method reduces the false positive rate and improves the overall detection rate, and in particular the detection rate of minority class types.

© (2008) COPYRIGHT SPIE--The International Society for Optical Engineering. Downloading of the abstract is permitted for personal use only.
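The accuracy paradox and the idea of weighting detector decisions from data, both described in the abstract, can be seen in a small added example. It is not the paper's fusion architecture or code: the traffic counts, the two detectors "IDS A" and "IDS B", the likelihood-ratio weighting and the `miss_cost` parameter are all assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample: (truth, IDS A verdict, IDS B verdict) -> event count.
# 980 normal events and 20 attacks, so attacks are 2% of the traffic.
SAMPLE = {
    ("normal", "normal", "normal"): 950,
    ("normal", "normal", "attack"): 20,
    ("normal", "attack", "normal"): 10,
    ("attack", "normal", "normal"): 2,
    ("attack", "normal", "attack"): 8,
    ("attack", "attack", "normal"): 6,
    ("attack", "attack", "attack"): 4,
}

def score(decide, sample=SAMPLE):
    """Return (accuracy, attack detection rate, false alarms) for decide(a, b)."""
    total = sum(sample.values())
    correct = hits = attacks = false_alarms = 0
    for (truth, a, b), n in sample.items():
        verdict = decide(a, b)
        correct += n * (verdict == truth)
        if truth == "attack":
            attacks += n
            hits += n * (verdict == "attack")
        else:
            false_alarms += n * (verdict == "attack")
    return correct / total, hits / attacks, false_alarms

def learn_fusion(sample=SAMPLE, miss_cost=1.0):
    """Learn a weight per detector verdict from labelled data; return decide(a, b)."""
    prior, seen = Counter(), Counter()  # seen: (detector, truth, verdict) -> count
    for (truth, a, b), n in sample.items():
        prior[truth] += n
        seen[0, truth, a] += n
        seen[1, truth, b] += n

    def weight(det, verdict):
        # Laplace-smoothed likelihood ratio P(verdict|attack) / P(verdict|normal).
        p_att = (seen[det, "attack", verdict] + 1) / (prior["attack"] + 2)
        p_norm = (seen[det, "normal", verdict] + 1) / (prior["normal"] + 2)
        return p_att / p_norm

    def decide(a, b):
        # Posterior odds of attack, scaled by the assumed cost of a miss
        # relative to a false alarm (hypothetical parameter).
        odds = prior["attack"] / prior["normal"] * weight(0, a) * weight(1, b)
        return "attack" if odds * miss_cost > 1 else "normal"
    return decide
```

On this sample a detector that never alerts scores 98% accuracy, the same as IDS A, which finds half the attacks. The fused decision with `miss_cost=1` has the highest accuracy (98.4%) yet detects only 20% of attacks, while `miss_cost=5` lifts detection to 90% at the price of 30 false alarms.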
Citation

Ciza Thomas and N. Balakrishnan
"Improvement in minority attack detection with skewness in network traffic", Proc. SPIE 6973, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008, 69730N (March 17, 2008); doi:10.1117/12.785623; http://dx.doi.org/10.1117/12.785623

