Indirect classification approaches: a comparative study in network intrusion detection
by Taghi M. Khoshgoftaar, Kehan Gao, Hua Lin
International Journal of Computer Applications in Technology (IJCAT), Vol. 27, No. 4, 2006

Abstract: The application of data mining and machine learning techniques to the network intrusion detection domain has recently gained importance. This paper presents a set of indirect classification techniques for addressing the multi-category classification problem in network intrusion detection. In contrast to indirect classification techniques, direct classification techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect classification technique decomposes the original multi-category problem into multiple binary classification problems based on some criteria. We investigate the one vs. one and one vs. rest approaches for building the binary classifiers, the results of which are then merged using a combining strategy. Three different combining strategies are investigated in our study: Hamming decoding, loss-based decoding, and the soft-max function. Consequently, we evaluate six different indirect classification techniques in our study. To our knowledge, there are no existing works that evaluate as many indirect classification techniques. The six indirect classification approaches are investigated and relatively evaluated in the context of the DARPA KDD–1999 offline intrusion detection project. Our empirical evaluation indicated that among the binarisation techniques, the one vs. one technique yielded generally better results, while among the combining strategies, the loss-based decoding and Hamming decoding techniques yielded better results than the soft-max function. This study demonstrates the usefulness of the indirect classification approach for network intrusion detection.

Online publication date: Mon, 08-Jan-2007
