Classifier Selection Models for Intrusion Detection System (ids)

Any abnormal activity can be assumed to be anomalies intrusion. In the literature several techniques and algorithms have been discussed for anomaly detection. In the most of cases true positive and false positive parameters have been used to compare their performance. However, depending upon the application a wrong true positive or wrong false positive may have severe detrimental effects. This necessitates inclusion of cost sensitive parameters in the performance. Moreover the most common testing dataset KDD-CUP-99 has huge size of data which intern require certain amount of pre-processing. Our work in this paper starts with enumerating the necessity of cost sensitive analysis with some real life examples. After discussing KDD-CUP-99 an approach is proposed for feature elimination and then features selection to reduce the number of more relevant features directly and size of KDD-CUP-99 indirectly. From the reported literature general methods for anomaly detection are selected which perform best for different types of attacks. These different classifiers are clubbed to form an ensemble. A cost opportunistic technique is suggested to allocate the relative weights to classifiers ensemble for generating the final result. The cost sensitivity of true positive and false positive results is done and a method is proposed to select the elements of cost sensitivity metrics for further improving the results to achieve the overall better performance. The impact on performance trade of due to incorporating the cost sensitivity is discussed.