More Web Proxy on the site http://driver.im/

Article

Naive Bayes vs decision trees in intrusion detection systems

Authors:

Nahla Ben Amor,

Salem Benferhat,

Zied ElouediAuthors Info & Claims

SAC '04: Proceedings of the 2004 ACM symposium on Applied computing

Pages 420 - 424

https://doi.org/10.1145/967900.967989

Published: 14 March 2004 Publication History

Abstract

Bayes networks are powerful tools for decision and reasoning under uncertainty. A very simple form of Bayes networks is called naive Bayes, which are particularly efficient for inference tasks. However, naive Bayes are based on a very strong independence assumption. This paper offers an experimental study of the use of naive Bayes in intrusion detection. We show that even if having a simple structure, naive Bayes provide very competitive results. The experimental study is done on KDD'99 intrusion data sets. We consider three levels of attack granularities depending on whether dealing with whole attacks, or grouping them in four main categories or just focusing on normal and abnormal behaviours. In the whole experimentations, we compare the performance of naive Bayes networks with one of well known machine learning techniques which is decision tree. Moreover, we compare the good performance of Bayes nets with respect to existing best results performed on KDD'99.

References

[1]

Axelsson, S.: Intrusion detection systems: a survey and taxonomy. Technical report 99-15, March 2000.]]

[2]

Breiman, L., Friedman, J. H., Olshen, R. A., Stone, C. J.: Classification and regression trees. Monterey, CA Wadsworth & Brooks, 1984.]]

[3]

Cooper, G. F.: Computational complexity of probabilistic inference using Bayes belief networks. Artificial Intelligence, Vol. 42, 393--405, 1990.]]

Digital Library

[4]

Hyafil, L., Rivest, R. L: Constructing optimal binary decision trees is NP-complete. Information Processing Letters, 5(1):15--17, 1976.]]

[5]

Jensen, F. V.: Introduction to Bayesien networks. UCL Press, 1996.]]

Digital Library

[6]

John, G.: Enhancements to the Data Mining Process. PhD thesis, Stanford University, 1997.]]

Digital Library

[7]

Kumar, S., Spafford., E. H.: A software architecture to support misuse intrusion detection. In proceedings of the 18th National Information Security Conference, 194--204, 1995.]]

[8]

Ilgun, K., Kemmerer., R. A., Porras, P. A.: State transition: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21(3), 181--199, 1995.]]

Digital Library

[9]

Lunt, T.: Detecting intruders in computer systems. In proceedings of the Sixth Annual Symposium and Technical Displays on Physical and Electronic Security, 1993.]]

[10]

Pearl J.: Probabilistic Reasoning in intelligent systems: networks of plausible inference. Morgan Kaufmman, Los Altos, CA, 1988.]]

Digital Library

[11]

Porras, P. A., Neumann., P. G., EMERALD: Event monitoring enabling responses to anomalous live disturbances. In proceedings of the 20th National Information Systems Security Conference, Baltimore, Maryland, USA, NIST, 353--365, 1997.]]

[12]

Quinlan, J. R.: C4.5, Programs for machine learning. Morgan Kaufmann San Mateo Ca, 1993.]]

Digital Library

[13]

Quinlan, J. R.: Bagging, boosting, and C4.5. Proceedings of the thirteenth national conference on AI, Vol. 1, 725--730, 1997.]]

[14]

Valdes, A., Skinner K.: Adaptive Model-based Monitoring for Cyber Attack Detection. In proceedings of Recent Advances in Intrusion Detection (RAID 2000), Toulouse, France, 80--92, 2000.]]

Digital Library

[15]

http://kdd.ccs.uci.edu/databases/kddcup99/task.html]]

[16]

R. Marty: Snort the open source network IDS, http://www.snort.org/, 2001.]]

Cited By

Özdemir ÖKöker RPamuk N(2025)Fault Classification and Precise Fault Location Detection in 400 kV High-Voltage Power Transmission Lines Using Machine Learning AlgorithmsProcesses10.3390/pr1302052713:2(527)Online publication date: 13-Feb-2025
https://doi.org/10.3390/pr13020527
Issa MChen HWang JImani M(2025)CyberRL: Brain-Inspired Reinforcement Learning for Efficient Network Intrusion DetectionIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.341839244:1(241-250)Online publication date: Jan-2025
https://doi.org/10.1109/TCAD.2024.3418392
Shaik AReddy RVullam NReddy GShaik S(2025)An Effective Method for Detecting Cyber Attacks on Computer Networks from the NSL-KDD Data SetITM Web of Conferences10.1051/itmconf/2025740200174(02001)Online publication date: 20-Feb-2025
https://doi.org/10.1051/itmconf/20257402001
Show More Cited By

Naive Bayes vs decision trees in intrusion detection systems
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Supervised learning
    2. Machine learning approaches

Recommendations

Naive Bayes models for probability estimation
ICML '05: Proceedings of the 22nd international conference on Machine learning

Naive Bayes models have been widely used for clustering and classification. However, they are seldom used for general probabilistic learning and inference (i.e., for estimating and computing arbitrary joint, conditional and marginal distributions). In ...
Averaged Naive Bayes Trees: A New Extension of AODE
ACML '09: Proceedings of the 1st Asian Conference on Machine Learning: Advances in Machine Learning

Naive Bayes (NB) is a simple Bayesian classifier that assumes the conditional independence and augmented NB (ANB) models are extensions of NB by relaxing the independence assumption. The averaged one-dependence estimators (AODE) is a classifier that ...
Tree-augmented naïve Bayes-based model for intrusion detection system

Despite enormous efforts for detecting unauthorised attempts to access a system or a network using an Intrusion Detection System (IDS), a major shortcoming still remains, which is the high False Positive (FP) rate, i.e. incorrect classification of the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SAC '04: Proceedings of the 2004 ACM symposium on Applied computing

March 2004

1733 pages

ISBN:1581138121

DOI:10.1145/967900

Conference Chair:
Hisham M. Haddad
Kennesaw State University
,
Program Chairs:
Andrea Omicini
Università degli Studi di Bologna a Cesena
,
Roger L. Wainwright
University of Tulsa
,
Publications Chair:
Lorie M. Liebrock
New Mexico Institute of Mining and Technology

Copyright © 2004 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 March 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

SAC04

Sponsor:

SIGAPP

SAC04: The 2004 ACM Symposium on Applied Computing

March 14 - 17, 2004

Nicosia, Cyprus

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

259
Total Citations
View Citations
4,339
Total Downloads

Downloads (Last 12 months)61
Downloads (Last 6 weeks)6

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Özdemir ÖKöker RPamuk N(2025)Fault Classification and Precise Fault Location Detection in 400 kV High-Voltage Power Transmission Lines Using Machine Learning AlgorithmsProcesses10.3390/pr1302052713:2(527)Online publication date: 13-Feb-2025
https://doi.org/10.3390/pr13020527
Issa MChen HWang JImani M(2025)CyberRL: Brain-Inspired Reinforcement Learning for Efficient Network Intrusion DetectionIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.341839244:1(241-250)Online publication date: Jan-2025
https://doi.org/10.1109/TCAD.2024.3418392
Shaik AReddy RVullam NReddy GShaik S(2025)An Effective Method for Detecting Cyber Attacks on Computer Networks from the NSL-KDD Data SetITM Web of Conferences10.1051/itmconf/2025740200174(02001)Online publication date: 20-Feb-2025
https://doi.org/10.1051/itmconf/20257402001
Zhang QImran ABardhi ESwamy TZhang NShahbaz MOlukotun KGavrilovska ATerry D(2024)CARAVANProceedings of the 18th USENIX Conference on Operating Systems Design and Implementation10.5555/3691938.3691956(325-345)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.5555/3691938.3691956
Ramkumar PSaravanakumar EUma RMareeswari VH. S. N(2024)Intrusion Detection System in Mobile NetworksMachine Learning and Cryptographic Solutions for Data Protection and Network Security10.4018/979-8-3693-4159-9.ch022(364-374)Online publication date: 22-Mar-2024
https://doi.org/10.4018/979-8-3693-4159-9.ch022
Yamgar SN. G. B(2024)Analyzing the Efficacy of Machine Learning Algorithms on Intrusion Detection SystemsEmerging Technologies for Securing the Cloud and IoT10.4018/979-8-3693-0766-3.ch008(196-213)Online publication date: 23-Feb-2024
https://doi.org/10.4018/979-8-3693-0766-3.ch008
Bałdyga MBarański KBelter JKalinowski MWeichbroth P(2024)Anomaly Detection in Railway Sensor Data Environments: State-of-the-Art Methods and Empirical Performance EvaluationSensors10.3390/s2408263324:8(2633)Online publication date: 20-Apr-2024
https://doi.org/10.3390/s24082633
Arreche OGuntur TAbdallah M(2024)XAI-IDS: Toward Proposing an Explainable Artificial Intelligence Framework for Enhancing Network Intrusion Detection SystemsApplied Sciences10.3390/app1410417014:10(4170)Online publication date: 14-May-2024
https://doi.org/10.3390/app14104170
Zhang QImran ABardhi ESwamy TZhang NShahbaz MOlukotun K(2024)Caravan: Practical Online Learning of In-Network ML Models with Labeling AgentsProceedings of the 3rd Workshop on Practical Adoption Challenges of ML for Systems10.1145/3704742.3704964(17-20)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3704742.3704964
Zheng CHong XDing DVargaftik SBen-Itzhak YZilberman N(2024)In-Network Machine Learning Using Programmable Network Devices: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2023.334435126:2(1171-1200)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2023.3344351
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten