Decision Sciences Journal
Volume 32, Number 4
Fall 2001
Data Mining for Network Intrusion Detection: A Comparison
of Alternative Methods
Dan Zhu and G. Premkumar
Department of Logistics, Operations and MIS, Iowa State University,
Ames, IA 50011, email: dzhu@iastate.edu, prem@iastate.edu
Xiaoning Zhang
Tellabs Operations, Inc., 4951 Indiana Avenue, Lisle, IL 60532,
email: mzhang@tellabs.com
Chao-Hsien Chu
School of Information Sciences and Technology, Pennsylvania State
University, University Park, PA 16802, email: chu@ist.psu.edu
Abstract. Intrusion detection systems help network
administrators prepare for and deal with network security attacks.
These systems collect information from a variety of systems and
network sources, and analyze it for signs of intrusion and
misuse. A variety of techniques have been employed for analysis,
ranging from traditional statistical methods to new data mining
approaches. In this study the performance of three data mining
methods in detecting network intrusion is examined. An experimental
design is created to evaluate the impact of three data mining
methods, two data representation formats, and two data proportion
schemes on the classification accuracy of intrusion detection
systems. The results indicate that data mining methods and data
proportion have a significant impact on classification accuracy.
Within data mining methods, rough sets provide better accuracy,
followed by neural networks and inductive learning. Balanced
data proportion performs better than unbalanced data proportion.
There are no major differences in performance between binary
and integer data representation.
Subject Areas: Data Mining, Inductive Learning, Intrusion
Detection, Network Security, Neural Networks, Rough Sets, and
Telecommunications.