Resource-sensitive intrusion detection models for network traffic

Network security has become an important issue in today´s extensively interconnected computer world. The industry, academic institutions, small and large businesses and even residences have never been more risk from the increasing onslaught of computer attacks than more recently. Such malicious efforts cause damage ranging from mere violation of confidentiality and issues of privacy up to actual financial losses if business operations are compromised. Intrusion detection systems (IDS) have been used along with data mining and machine learning efforts to detect intruders. However, with the limitation of organizational resources, it is unreasonable to inspect every network alarm raised by the ids. Towards resource-and cost-sensitive IDS models we investigate the Modified Expected Cost of Misclassification as a model selection measure for building goal oriented intrusion detection classifier. The case study presented is that of the DARPA 1998 offline intrusion detection project. The empirical results show promise for building a resource-based intrusion detection model.