Proper Use of ROC Curves in Intrusion/Anomaly Detection
نویسندگان
چکیده
ROC curves (receiver operating characteristic curves) are commonly used to portray the performance of detectors in signal-detection tasks, such as intrusion detection. This report introduces the origins of signal-detection-theory, and the underpinnings of ROC curves. It provides examples of how to construct these curves, as well as how to measure, interpret and compare them. Information about accommodating cost of error is included. Materials are suggested for further reading.
منابع مشابه
Fuzzy Logic Course Project Fuzzy Roc Curves for the One-class Svm: Application to Intrusion Detection
A novel method for receiver operating characteristic (ROC) curve analysis and anomaly detection is proposed. The ROC curve provides a measure of effectiveness for binary classification problems, and this paper specifically addresses unbalanced, unsupervised, binary classification problems. Furthermore, this work explores techniques in fusing decision values from classifiers and using ROC curves...
متن کاملAnomaly Detection Using SVM as Classifier and Decision Tree for Optimizing Feature Vectors
Abstract- With the advancement and development of computer network technologies, the way for intruders has become smoother; therefore, to detect threats and attacks, the importance of intrusion detection systems (IDS) as one of the key elements of security is increasing. One of the challenges of intrusion detection systems is managing of the large amount of network traffic features. Removing un...
متن کاملA Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of weak classifiers to implement misuse intrusion detection system. It can identify new classes types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
متن کاملMoving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
متن کاملAn Improved Method to Detect Intrusion Using Machine Learning Algorithms
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm security and trust of computer system. IDS operate either on host or network level via utilizing anomaly detection or misuse detection. Main problem is to correctly detect intruder attack against computer network. The key point of successful detection of intrusion is choice of proper featur...
متن کامل