{"title":"Anomaly detection using random forest: A performance revisited","authors":"Rifkie Primartha, Bayu Adhi Tama","doi":"10.1109/ICODSE.2017.8285847","DOIUrl":null,"url":null,"abstract":"Intruders have become more and more sophisticated thus a deterrence mechanism such as an intrusion detection systems (IDS) is pivotal in information security management. An IDS aims at capturing and repealing any malignant activities in the network before they can cause harmful destruction. An IDS relies on a well-trained classification model so the model is able to identify the presence of attacks effectively. This paper compares the performance of IDS by exerting random forest classifier with respect to two performance measures, i.e. accuracy and false alarm rate. Three public intrusion data sets, i.e NSL-KDD, UNSW-NB15, and GPRS are employed in the experiment. Furthermore, different tree-size ensembles are considered whilst other best learning parameters are obtained using a grid search. Our experimental results prove the superiority of random forest model for IDS as it significantly outperforms the similar ensemble, i.e. ensemble of random tree + naive bayes tree and other single classifier, i.e. 
naive bayes and neural network in terms of k-cross validation method.","PeriodicalId":366005,"journal":{"name":"2017 International Conference on Data and Software Engineering (ICoDSE)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"86","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Data and Software Engineering (ICoDSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICODSE.2017.8285847","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 86
Abstract
Intruders have become more and more sophisticated; thus a deterrence mechanism such as an intrusion detection system (IDS) is pivotal in information security management. An IDS aims at capturing and repelling any malignant activities in the network before they can cause harmful destruction. An IDS relies on a well-trained classification model so that the model is able to identify the presence of attacks effectively. This paper compares the performance of IDS by exerting a random forest classifier with respect to two performance measures, i.e. accuracy and false alarm rate. Three public intrusion data sets, i.e. NSL-KDD, UNSW-NB15, and GPRS, are employed in the experiment. Furthermore, different tree-size ensembles are considered whilst other best learning parameters are obtained using a grid search. Our experimental results prove the superiority of the random forest model for IDS as it significantly outperforms the similar ensemble, i.e. an ensemble of random tree + naive Bayes tree, and other single classifiers, i.e. naive Bayes and neural network, in terms of k-cross validation method.