Title :
Application of Unbalanced Data Approach to Network Intrusion Detection
Author :
Yueai, Zhao ; Junjie, Chen
Author_Institution :
Inst. of Comput. Sci. & Software, Taiyuan Univ. of Sci. & Technol., Taiyuan, China
Abstract :
In view of the current problems of HNIDS (high-speed network intrusion detection systems), such as high packet loss rate, slow pace of testing for attacks, and unbalanced data for detection, this paper presents a novel approach for HNIDS that takes a two-stage strategy with a load balancing model. In the on-line phase, the system captures packets from the network and splits them into small groups according to the type of protocol; intrusions are then detected by each sensor. In the off-line phase, training datasets are used to build the model that detects intrusions. We discuss different approaches to unbalanced data and empirically evaluate the SMOTE over-sampling approaches, AdaBoost, and the random forests algorithm. We also discuss approaches for selecting features. Finally, we report our experimental results over the KDD'99 datasets. The results show that SMOTE and the AdaBoost algorithm using random forests as the weak learner not only provide better performance on the small class, but also have lower model build time.
Keywords :
computer networks; protocols; resource allocation; security of data; telecommunication security; AdaBoost algorithm; HNIDS; SMOTE oversampling; high-speed network intrusion detection system; load balancing; protocol; random forest algorithm; unbalanced data; Application software; Computer science; High-speed networks; Intrusion detection; Load management; Load modeling; Phase detection; Protocols; Sensor systems; Telecommunication traffic; Adaboost; SMOTE; ensemble learning; networks intrusion detection; random forests; unbalanced data;
Conference_Title :
Database Technology and Applications, 2009 First International Workshop on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-3604-0
DOI :
10.1109/DBTA.2009.116