Dewan Md Farid, Huu-Hoa Nguyen, Jerome Darmont, Nouria Harbi, Mohammad Zahidur Rahman. Scaling up Detection Rates and Reducing False Positives in Intrusion Detection using NBTree. In International Conference on Data Mining and Knowledge Engineering (ICDMKE 10), Rome, Italy. April 2010.
In this paper, we present a new learning algorithm for anomaly based network intrusion detection using improved self adaptive na?ve Bayesian tree (NBTree), which induces a hybrid of decision tree and na?ve Bayesian classifier. The proposed approach scales up the balance detections for different attack types and keeps the false positives at acceptable level in intrusion detection. In complex and dynamic large intrusion detection dataset, the detection accuracy of na?ve Bayesian classifier does not scale up as well as decision tree. It has been successfully tested in other problem domains that na?ve Bayesian tree improves the classification rates in large dataset. In na?ve Bayesian tree nodes contain and split as regular decision-trees, but the leaves contain na?ve Bayesian classifiers. The experimental results on KDD99 benchmark network intrusion detection dataset demonstrate that this new approach scales up the detection rates for different attack types and reduces false positives in network intrusion detection.