Authors: Mradul Dhakar; Akhilesh Tiwari
Addresses: Department of CSE, SOET, ITM University Gwalior, Madhya Pradesh, India; Department of CSE & IT, Madhav Institute of Technology and Science, Gwalior, Madhya Pradesh, India
Abstract: Despite enormous efforts to detect unauthorised attempts to access a system or a network using an Intrusion Detection System (IDS), a major shortcoming remains: the high False Positive (FP) rate, i.e. the incorrect classification of normal activities as abnormal (intrusions). It has been observed that the simple Bayes Net is one of the most frequently used techniques for intrusion detection. Although satisfactory results have been obtained from the K2 algorithm incorporated in Bayes Net, the need to reduce the FP rate remains. The present paper proposes a new model, named the TAN-based model for intrusion detection, that serves as an alternative to Bayes Net with the K2 algorithm. This model has shown promising results, with the advantage of more accurate detection of intrusions along with a reduced FP rate.
Keywords: data mining; intrusion detection; K2; TAN; tree-augmented naive Bayes; KDDCUP'99; naive Bayes modelling; false positives; security.
International Journal of Knowledge Engineering and Data Mining, 2014 Vol.3 No.1, pp.20-30
Accepted: 01 Sep 2014
Published online: 08 Dec 2014