Application of Data Mining to Network Intrusion Detection: Classifier Selection Model

  • Huy Anh Nguyen
  • Deokjai Choi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5297)


As network attacks have increased in number and severity over the past few years, intrusion detection system (IDS) is increasingly becoming a critical component to secure the network. Due to large volumes of security audit data as well as complex and dynamic properties of intrusion behaviors, optimizing performance of IDS becomes an important open problem that is receiving more and more attention from the research community. The uncertainty to explore if certain algorithms perform better for certain attack classes constitutes the motivation for the reported herein. In this paper, we evaluate performance of a comprehensive set of classifier algorithms using KDD99 dataset. Based on evaluation results, best algorithms for each attack category is chosen and two classifier algorithm selection models are proposed. The simulation result comparison indicates that noticeable performance improvement and real-time intrusion detection can be achieved as we apply the proposed models to detect different kinds of network attacks.


Data mining Machine learning Classifier Network security Intrusion detection Algorithm selection KDD dataset 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Weka – Data Mining Machine Learning Software,
  2. 2.
  3. 3.
    Witten, I.H., Frank, E.: Data Mining: Practical Machine Learning Tools and Techniques, 2nd edn. Morgan Kaufmann, San Francisco (2005)zbMATHGoogle Scholar
  4. 4.
    Agarwal, R., Joshi, M.V.: PNrule: A New Framework for Learning Classifier Models in Data Mining. Tech. Report, Dept. of Computer Science, University of Minnesota (2000)Google Scholar
  5. 5.
    Yeung, D.Y., Chow, C.: Prazen-window Network Intrusion Detectors. In: 16th International Conference on Pattern Recognition, Quebec, Canada, pp. 11–15 (August 2002)Google Scholar
  6. 6.
    Xu, X.: Adaptive Intrusion Detection Based on Machine Learning: Feature Extraction, Classifier Construction and Sequential Pattern Prediction. International Journal of Web Services Practices 2(1-2), 49–58 (2006)Google Scholar
  7. 7.
    Li, Y., Guo, L.: An Active Learning Based TCM-KNN Algorithm for Supervised Network Intrusion Detection. In: 26th Computers & Security, pp. 459–467 (October 2007)Google Scholar
  8. 8.
    John, G.H., Langley, P.: Estimating Continuous Distributions in Bayesian Classifiers. In: Proc. of the 11th Conf. on Uncertainty in Artificial Intelligence (1995)Google Scholar
  9. 9.
    Quinlan, J.: C4.5: Programs for Machine Learning. Morgan Kaufmann, San Mateo (1993)Google Scholar
  10. 10.
    Kohavi, R.: Scaling up the accuracy of naïve-bayes classifier: A decision-tree hybrid. In: Proc. of the 2nd International Conference on Knowledge Discovery and Data Mining, pp. 202–207. AAAI Press, Menlo Park (1996)Google Scholar
  11. 11.
    Werbos, P.: Beyond Regression: New Tools for Prediction and Analysis in the Behavioral Sciences. PhD Thesis, Harvard University (1974)Google Scholar
  12. 12.
    Aksoy, S.: k-Nearest Neighbor Classifier and Distance Functions. Technical Report, Department of Computer Engineering, Bilkent University (February 2008)Google Scholar
  13. 13.
    Sabhnani, M., Serpen, G.: Why Machine Learning Algorithms Fail in Misuse Detection on KDD Intrusion Detection Dataset. In: Intelligent Data Analysis, vol. 6 (June 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Huy Anh Nguyen
    • 1
  • Deokjai Choi
    • 1
  1. 1.Computer Science DepartmentChonnam National UniversityGwangjuKorea

Personalised recommendations