기계학습 방법에 기반 한 불균형 침입탐지 데이터 분류법의 성능평가에 관한 연구

In this paper, we adjusted the class distribution of train data to increase efficiency in data pre-processing and detect anomalies in an intrusion detection dataset. We conduct an experiment with machine learning algorithms to prove the efficiency of our proposed methods. In general, when using machine learning algorithms, volume of class influences on the results of classification. When the volume of majority classes is larger than that of minority classes, most of samples tend to vote the majority class. We hold the proportion of each rare class to be 0.5% at least, and try to find the proper proportion of rare classes. SMOTE (Synthetic Minority Over-sampling TEchnique) was used to increase the number of instances of rare class. It is difficult to improve the efficiency of classification because KDD CUP 1999 dataset, which are used to our tests, have rare classes such as R2L and U2R. In our research, we analyze various classes and enhance the efficiency of clasfsiciation by adjusting the volume of rare classes. We attempt tiomprove the performance of classification focusing on the rare classes such as U2R, R2L and Probe. The number of instances of U2R, R2L and Probe class in the train data was increased by 12-fold, 9-fol da,nd 1.5 fold, respectively. Recall metrics okf -NN tests went up to 0.11 in U2R class and 0.02 in R2L class. Recall metrics of SVM tests went up to 0.02 in U2R class and 0.08 in R2L class, and those of decision tree tests went up to 0.25.