Machine Learning for Intrusion Detection: Modeling the Distribution Shift


Farran, Bassam, Saunders, Craig and Niranjan, Mahesan (2010) Machine Learning for Intrusion Detection: Modeling the Distribution Shift. At IEEE Workshop on Machine Learning for Signal Processing, Finland. 29 Aug - 01 Sep 2010.

Description/Abstract

This paper addresses two important issues that arise in formulating and solving computer intrusion detection as a machine learning problem, a topic that has attracted considerable attention in recent years, including a community-wide competition using a common data set known as the KDD Cup ’99. The first of these problems we address is the size of the data set, 5 × 10^6 by 41 features, which makes conventional learning algorithms impractical. In previous work, we introduced a one-pass non-parametric classification technique called Voted Spheres, which carves up the input space into a series of overlapping hyperspheres. Training data seen within each hypersphere is used in a voting scheme during testing on unseen data. Secondly, we address the problem of distribution shift, whereby the training and test data may be drawn from slightly different probability densities, while the conditional densities of class membership for a given datum remain the same. We adopt two recent techniques from the literature, density weighting and kernel mean matching, to enhance the Voted Spheres technique to deal with such distribution disparities. We demonstrate that substantial performance gains can be achieved using these techniques on the KDD Cup data set.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Event Dates: August 29 - September 1, 2010
Venue - Dates: IEEE Workshop on Machine Learning for Signal Processing, Finland, 2010-08-29 - 2010-09-01
Organisations: Southampton Wireless Group
ePrint ID: 272869
Date: August 2010 (Published)
Date Deposited: 28 Sep 2011 09:18
Last Modified: 17 Apr 2017 17:37
URI: http://eprints.soton.ac.uk/id/eprint/272869
