Learning Cost-Sensitive Classification Rules for Network Intrusion Detection using RIPPER

Miller, Matthew

Work on a system for automating network intrusion detection is currently underway as part of the JAM Project. The system uses a range of data mining methods to build classifiers of network intrusions, which can then be applied to live network stream input to detect intrusions. Link Analysis and Sequence Analysis methods are used to determine statistical attributes of network connections, from which a set of connection profile records useful for detection is built. These statistical attributes have various costs associated with their computation in a live environment. This paper studies the problem of building rule-sets that are sensitive to the cost of computing each attribute. Low-cost attributes would be favored wherever possible, with high-cost attributes used only when needed for reliable classification.



More About This Work

Academic Units
Computer Science
Department of Computer Science, Columbia University
Columbia University Computer Science Technical Reports, CUCS-035-99
Published Here
April 25, 2011