|
|||||
|
|
Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet |
|||
| Authors: | Satoru Ohta Ryosuke Kurebayashi Kiyoshi Kobayashi | ||
| Affiliation: | (1) Faculty of Engineering, Toyama Prefectural University, 5180 Kurokawa, Imizu-shi, Toyama 939-0398, Japan;(2) Network Solutions Busimess Headquarters, NTT Advanced Technology Corporation, Totsuka-ku, Yokohama-shi, Japan;(3) NTT Network Innovation Laboratories, NTT Corporation, Yokosuka-shi, Japan | ||
| Abstract: | Machine learning or data mining technologies are often used in network intrusion detection systems. An intrusion detection
system based on machine learning utilizes a classifier to infer the current state from the observed traffic attributes. The
problem with learning-based intrusion detection is that it leads to false positives and so incurs unnecessary additional operation
costs. This paper investigates a method to decrease the false positives generated by an intrusion detection system that employs
a decision tree as its classifier. The paper first points out that the information-gain criterion used in previous studies
to select the attributes in the tree-constructing algorithm is not effective in achieving low false positive rates. Instead
of the information-gain criterion, this paper proposes a new function that evaluates the goodness of an attribute by considering
the significance of error types. The proposed function can successfully choose an attribute that suppresses false positives
from the given attribute set and the effectiveness of using it is confirmed experimentally. This paper also examines the more
trivial leaf rewriting approach to benchmark the proposed method. The comparison shows that the proposed attribute evaluation
function yields better solutions than the leaf rewriting approach.
|
||
| Keywords: | Internet Intrusion detection Data mining Machine learning Decision tree | ||
| 本文献已被 SpringerLink 等数据库收录! | |||
