A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection
Network intrusion detection research work that employed KDDCup 99 dataset often encounter challenges in creating classifiers that could handle unequal distributed attack categories. The accuracy of a classification model could be jeopardized if the distribution of attack categories in a training dat...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Springer US
2012
|
| Subjects: | |
| Online Access: | http://shdl.mmu.edu.my/3463/ http://shdl.mmu.edu.my/3463/1/A%20cascaded%20classifier%20approach%20for%20improving%20detection%20rates%20on%C2%A0rare%20attack%20categories%20in%20network%20intrusion%20detection.pdf |
| _version_ | 1848790334389092352 |
|---|---|
| author | Khor, Kok Chin Ting, Choo Yee Somnuk, Phon Amnuaisuk |
| author_facet | Khor, Kok Chin Ting, Choo Yee Somnuk, Phon Amnuaisuk |
| author_sort | Khor, Kok Chin |
| building | MMU Institutional Repository |
| collection | Online Access |
| description | Network intrusion detection research work that employed KDDCup 99 dataset often encounter challenges in creating classifiers that could handle unequal distributed attack categories. The accuracy of a classification model could be jeopardized if the distribution of attack categories in a training dataset is heavily imbalanced where the rare categories are less than 2% of the total population. In such cases, the model could not efficiently learn the characteristics of rare categories and this will result in poor detection rates. In this research, we introduce an efficient and effective approach in dealing with the unequal distribution of attack categories. Our approach relies on the training of cascaded classifiers using a dichotomized training dataset in each cascading stage. The training dataset is dichotomized based on the rare and non-rare attack categories. The empirical findings support our arguments that training cascaded classifiers using the dichotomized dataset provides higher detection rates on the rare categories as well as comparably higher detection rates for the non-rare attack categories as compared to the findings reported in other research works. The higher detection rates are due to the mitigation of the influence from the dominant categories if the rare attack categories are separated from the dataset. |
| first_indexed | 2025-11-14T18:10:58Z |
| format | Article |
| id | mmu-3463 |
| institution | Multimedia University |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-14T18:10:58Z |
| publishDate | 2012 |
| publisher | Springer US |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | mmu-34632014-12-17T03:36:00Z http://shdl.mmu.edu.my/3463/ A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection Khor, Kok Chin Ting, Choo Yee Somnuk, Phon Amnuaisuk QA75.5-76.95 Electronic computers. Computer science Network intrusion detection research work that employed KDDCup 99 dataset often encounter challenges in creating classifiers that could handle unequal distributed attack categories. The accuracy of a classification model could be jeopardized if the distribution of attack categories in a training dataset is heavily imbalanced where the rare categories are less than 2% of the total population. In such cases, the model could not efficiently learn the characteristics of rare categories and this will result in poor detection rates. In this research, we introduce an efficient and effective approach in dealing with the unequal distribution of attack categories. Our approach relies on the training of cascaded classifiers using a dichotomized training dataset in each cascading stage. The training dataset is dichotomized based on the rare and non-rare attack categories. The empirical findings support our arguments that training cascaded classifiers using the dichotomized dataset provides higher detection rates on the rare categories as well as comparably higher detection rates for the non-rare attack categories as compared to the findings reported in other research works. The higher detection rates are due to the mitigation of the influence from the dominant categories if the rare attack categories are separated from the dataset. Springer US 2012-03 Article NonPeerReviewed text en http://shdl.mmu.edu.my/3463/1/A%20cascaded%20classifier%20approach%20for%20improving%20detection%20rates%20on%C2%A0rare%20attack%20categories%20in%20network%20intrusion%20detection.pdf Khor, Kok Chin and Ting, Choo Yee and Somnuk, Phon Amnuaisuk (2012) A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection. Applied Intelligence, 36 (2). pp. 320-329. ISSN 0924-669X http://dx.doi.org/10.1007/s10489-010-0263-y doi:10.1007/s10489-010-0263-y doi:10.1007/s10489-010-0263-y |
| spellingShingle | QA75.5-76.95 Electronic computers. Computer science Khor, Kok Chin Ting, Choo Yee Somnuk, Phon Amnuaisuk A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection |
| title | A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection |
| title_full | A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection |
| title_fullStr | A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection |
| title_full_unstemmed | A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection |
| title_short | A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection |
| title_sort | cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection |
| topic | QA75.5-76.95 Electronic computers. Computer science |
| url | http://shdl.mmu.edu.my/3463/ http://shdl.mmu.edu.my/3463/ http://shdl.mmu.edu.my/3463/ http://shdl.mmu.edu.my/3463/1/A%20cascaded%20classifier%20approach%20for%20improving%20detection%20rates%20on%C2%A0rare%20attack%20categories%20in%20network%20intrusion%20detection.pdf |