Weighting versus Pruning in Rule Validation for Detecting Network and Host Anomalies

Author: Gaurav Tandon, Florida Institute of Technology
Published: Sept. 14, 2007, recorded: September 2007, views: 65

Description

For intrusion detection, the LERAD algorithm learns a succinct set of comprehensible rules for detecting anomalies, which could be novel attacks. LERAD validates the learned rules on a separate held-out validation set and removes rules that cause false alarms. However, removing rules with possibly high coverage can lead to missed detections. We propose to retain these rules and associate weights with them. We present three weighting schemes, and our empirical results indicate that, for LERAD, rule weighting can detect more attacks than pruning with minimal computational overhead.
