Open AccessLightweight and Scalable Intrusion Trace Classification Using Interelement Dependency Models Suitable for Wireless Sensor Network Environment
Author(s) -
Dae-Ki Kang
Publication year - 2013
Publication title -
international journal of distributed sensor networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.324
H-Index - 53
eISSN - 1550-1477
pISSN - 1550-1329
DOI - 10.1155/2013/904953
Subject(s) - computer science , scalability , support vector machine , intrusion detection system , data mining , dependency (uml) , naive bayes classifier , benchmark (surveying) , trace (psycholinguistics) , suffix tree , tree (set theory) , set (abstract data type) , artificial intelligence , database , data structure , operating system , mathematical analysis , linguistics , philosophy , mathematics , geodesy , programming language , geography
We present a lightweight and scalable method for classifying network and program traces to detect system intrusion attempts. By employing interelement dependency models to overcome the independence violation problem inherent in the Naive Bayes learners, our method yields intrusion detectors with better accuracy. For efficient and lightweight counting of n-gram features without losing accuracy, we use a k-truncated generalized suffix tree (k-TGST) for storing n-gram features. The k-TGST storage mechanism enables us to scale up the classifiers, which cannot be easily achieved by Support-Vector-Machine- (SVM-) based methods that require implausible computing power and resources for accuracy. Experimental results on a set of practical benchmark datasets show that our method is scalable up to 20-gram with consistent accuracy comparable to SVMs.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom