1999 Reports
Learning Cost-Sensitive Classification Rules for Network Intrusion Detection using RIPPER
A system for automating the process of network intrusion detection is currently underway as part of the JAM Project. This system utilizes many data mining methods to build classifiers of network intrusions which can be used to test live network stream input in order to detect intrusions. This is done by using Link Analysis and Sequence Analysis methods to determine statistical attributes of network connections to build a set of connection profile records that can be useful in detection. These statistical attributes have various costs associated with their computation in a live environment. This paper studies the problem of building rule-sets with a sensitivity to the cost of computing each attribute. Low-cost attributes would be biased wherever possible, using high-cost attributes only when needed for reliable classification.
Subjects
Files
- cucs-035-99.pdf application/pdf 10.1 KB Download File
More About This Work
- Academic Units
- Computer Science
- Publisher
- Department of Computer Science, Columbia University
- Series
- Columbia University Computer Science Technical Reports, CUCS-035-99
- Published Here
- April 25, 2011