Digital Library
Close Browse articles from a journal
 
Search for with title:
ABCDEFGHIJKLMNOPQRSTUVWXYZ

 
<< previous   
     Journal description
       All volumes of the corresponding journal
         All issues of the corresponding volume
           All articles of the corresponding issues
                                       Details for article 7 of 7 found articles
 
 
  Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set
 
 
Title: Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set
Author: Maheshkumar Sabhnani
Gursel Serpen
Appeared in: Intelligent data analysis
Paging: Volume 8 (2004) nr. 4 pages 403-415
Year: 2004-10-20
Contents: A large set of machine learning and pattern classification algorithms trained and tested on KDD intrusion detection data set failed to identify most of the user-to-root and remote-to-local attacks, as reported by many researchers in the literature. In light of this observation, this paper aims to expose the deficiencies and limitations of the KDD data set to argue that this data set should not be used to train pattern recognition or machine learning algorithms for misuse detection for these two attack categories. Multiple analysis techniques are employed to demonstrate, both objectively and subjectively, that the KDD training and testing data subsets represent dissimilar target hypotheses for user-to-root and remote-to-local attack categories. These techniques consisted of switching the roles of original training and testing data subsets to develop a decision tree classifier, cross-validation on merged training and testing data subsets, and qualitative and comparative analysis of rules generated independently on training and testing data subsets through the C4.5 decision tree algorithm. Analysis results clearly suggest that no pattern classification or machine learning algorithm can be trained successfully with the KDD data set to perform misuse detection for user-to-root or remote-to-local attack categories. It is further noted that the analysis techniques employed to assess the similarity between the two target hypotheses represented by the training and the testing data subsets can readily be generalized to data set pairs in other problem domains.
Publisher: IOS Press
Source file: Elektronische Wetenschappelijke Tijdschriften
 
 

                             Details for article 7 of 7 found articles
 
<< previous   
 
 Koninklijke Bibliotheek - National Library of the Netherlands