The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
An intrusion detection system (IDS) is a device or software that monitors a network system for malicious activity. In terms of detection results, there can be two types of error: the false positive (FP), which incorrectly flags normal traffic as abnormal, and the false negative (FN), which incorrectly judges malicious traffic as normal. To protect the network system, we want FN to be as low as possible. However, because there is a trade-off between FP and FN when an IDS detects malicious traffic, it is difficult to reduce both metrics simultaneously. In this paper, we propose a sequential classifier combination method to reduce the effect of the trade-off. A single classifier generally suffers from a high FN rate, so additional classifiers are combined sequentially to detect more positives (reduce more FN). Since each classifier can reduce FN and does not generate much FP in our approach, we can achieve a reduction of FN in the final result. In the evaluations, we use the NSL-KDD dataset, which is an updated version of the KDD Cup'99 dataset. WEKA is used as the classification tool in the experiments, and the results show that the proposed approach can reduce FN while improving sensitivity and accuracy.
Sornxayya PHETLASY
The University of Electro-Communications
Satoshi OHZAHATA
The University of Electro-Communications
Celimuge WU
The University of Electro-Communications
Toshihito KATO
The University of Electro-Communications
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Sornxayya PHETLASY, Satoshi OHZAHATA, Celimuge WU, Toshihito KATO, "A Sequential Classifiers Combination Method to Reduce False Negative for Intrusion Detection System" in IEICE TRANSACTIONS on Information, vol. E102-D, no. 5, pp. 888-897, May 2019, doi: 10.1587/transinf.2018NTP0019.
Abstract: Intrusion detection system (IDS) is a device or software to monitor a network system for malicious activity. In terms of detection results, there could be two types of false, namely, the false positive (FP) which incorrectly detects normal traffic as abnormal, and the false negative (FN) which incorrectly judges malicious traffic as normal. To protect the network system, we expect that FN should be minimized as low as possible. However, since there is a trade-off between FP and FN when IDS detects malicious traffic, it is difficult to reduce the both metrics simultaneously. In this paper, we propose a sequential classifiers combination method to reduce the effect of the trade-off. The single classifier suffers a high FN rate in general, therefore additional classifiers are sequentially combined in order to detect more positives (reduce more FN). Since each classifier can reduce FN and does not generate much FP in our approach, we can achieve a reduction of FN at the final output. In evaluations, we use NSL-KDD dataset, which is an updated version of KDD Cup'99 dataset. WEKA is utilized as a classification tool in experiment, and the results show that the proposed approach can reduce FN while improving the sensitivity and accuracy.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018NTP0019/_p
@ARTICLE{e102-d_5_888,
author={Sornxayya PHETLASY and Satoshi OHZAHATA and Celimuge WU and Toshihito KATO},
journal={IEICE TRANSACTIONS on Information},
title={A Sequential Classifiers Combination Method to Reduce False Negative for Intrusion Detection System},
year={2019},
volume={E102-D},
number={5},
pages={888-897},
abstract={Intrusion detection system (IDS) is a device or software to monitor a network system for malicious activity. In terms of detection results, there could be two types of false, namely, the false positive (FP) which incorrectly detects normal traffic as abnormal, and the false negative (FN) which incorrectly judges malicious traffic as normal. To protect the network system, we expect that FN should be minimized as low as possible. However, since there is a trade-off between FP and FN when IDS detects malicious traffic, it is difficult to reduce the both metrics simultaneously. In this paper, we propose a sequential classifiers combination method to reduce the effect of the trade-off. The single classifier suffers a high FN rate in general, therefore additional classifiers are sequentially combined in order to detect more positives (reduce more FN). Since each classifier can reduce FN and does not generate much FP in our approach, we can achieve a reduction of FN at the final output. In evaluations, we use NSL-KDD dataset, which is an updated version of KDD Cup'99 dataset. WEKA is utilized as a classification tool in experiment, and the results show that the proposed approach can reduce FN while improving the sensitivity and accuracy.},
keywords={},
doi={10.1587/transinf.2018NTP0019},
ISSN={1745-1361},
month={May},}
TY - JOUR
TI - A Sequential Classifiers Combination Method to Reduce False Negative for Intrusion Detection System
T2 - IEICE TRANSACTIONS on Information
SP - 888
EP - 897
AU - Sornxayya PHETLASY
AU - Satoshi OHZAHATA
AU - Celimuge WU
AU - Toshihito KATO
PY - 2019
DO - 10.1587/transinf.2018NTP0019
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2019
AB - Intrusion detection system (IDS) is a device or software to monitor a network system for malicious activity. In terms of detection results, there could be two types of false, namely, the false positive (FP) which incorrectly detects normal traffic as abnormal, and the false negative (FN) which incorrectly judges malicious traffic as normal. To protect the network system, we expect that FN should be minimized as low as possible. However, since there is a trade-off between FP and FN when IDS detects malicious traffic, it is difficult to reduce the both metrics simultaneously. In this paper, we propose a sequential classifiers combination method to reduce the effect of the trade-off. The single classifier suffers a high FN rate in general, therefore additional classifiers are sequentially combined in order to detect more positives (reduce more FN). Since each classifier can reduce FN and does not generate much FP in our approach, we can achieve a reduction of FN at the final output. In evaluations, we use NSL-KDD dataset, which is an updated version of KDD Cup'99 dataset. WEKA is utilized as a classification tool in experiment, and the results show that the proposed approach can reduce FN while improving the sensitivity and accuracy.
ER -