Title :
Evaluation and Comparison of Classification Techniques for Network Intrusion Detection
Author :
Giray, Sait Murat ; Polat, Aydin Goze
Author_Institution :
Comput. Eng. Dept., Middle East Tech. Univ. (METU), Ankara, Turkey
Abstract :
Data mining provides a useful environment and set of tools for processing large datasets such as Intrusion Detection Systems (IDS) logs. Researchers improve existing IDS models by comparing the performance of various algorithms on these datasets. It is very important to keep in mind that an IDS often has to work in a noisy network environment. Network noise is one of the most challenging issues for efficient threat detection and classification. In this study, normal and noisy datasets for network IDS domain are used and various classification algorithms are evaluated. The results show that an evaluation of algorithms without noise is misleading for IDSs since algorithms that perform best without noise do not necessarily achieve the same in a realistic noisy environment. Moreover refined NSL KDD dataset allows a more realistic evaluation of various algorithms than the original KDD 99 dataset.
Keywords :
data mining; pattern classification; security of data; KDD 99 dataset; NSL KDD dataset; classification technique comparison; classification technique evaluation; data mining; network IDS domain; network intrusion detection system logs; noisy network environment; threat classification; threat detection; Algorithm design and analysis; Classification algorithms; Intrusion detection; Noise; Noise measurement; Prediction algorithms; Training; Intrusion detection; anomaly identification; classifier; false alarm; ignored attack; prediction;
Conference_Titel :
Data Mining Workshops (ICDMW), 2013 IEEE 13th International Conference on
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4799-3143-9
DOI :
10.1109/ICDMW.2013.83
