A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier

With increasing Internet connectivity and traffic volume, recent intrusion incidents have reemphasized the importance of network intrusion detection systems for combating increasingly sophisticated network attacks. Techniques such as pattern recognition and the data mining of network events are often used by intrusion detection systems to classify the network events as either normal events or attack events. Our research study claims that the Hidden Naïve Bayes (HNB) model can be applied to intrusion detection problems that suffer from dimensionality, highly correlated features and high network data stream volumes. HNB is a data mining model that relaxes the Naïve Bayes method’s conditional independence assumption. Our experimental results show that the HNB model exhibits a superior overall performance in terms of accuracy, error rate and misclassification cost compared with the traditional Naïve Bayes model, leading extended Naïve Bayes models and the Knowledge Discovery and Data Mining (KDD) Cup 1999 winner. Our model performed better than other leading state-of-the art models, such as SVM, in predictive accuracy. The results also indicate that our model significantly improves the accuracy of detecting denial-of-services (DoS) attacks.

► Intrusion detection model based on a Hidden Naïve Bayes (HNB) classifier is proposed.
► Model is augmented with PKI discretization and INTERACT feature selection methods.
► HNB exhibits superior predictive performance than other Naïve Bayes models.
► Results show better accuracy performance than leading state-of-the art model SVM.
► Model significantly improves the accuracy of detecting denial-of-services attacks.