Databases Reference
In-Depth Information
naive Bayesian networks is identical to a threshold based system that
computes the sum of the outputs obtained from the child nodes. Secondly,
because the child nodes do not interact between themselves and their
output only influences the probability of the root node, incorporating
additional information becomes dicult as the variables that contain the
information cannot directly interact with the child nodes. Another area,
within the domain of anomaly detection, where Bayesian networks have
been frequently used is the classification and suppression of false alarms.
Although using the Bayesian for the intrusion detection or intruder behavior
prediction can be very appealing, there are some issues that one should be
concerned about them. Since the accuracy of this method is dependant on
certain assumptions that are typically based on the behavioral model of the
target system, deviating from those assumptions will decrease its accuracy.
Selecting an accurate model will lead to an inaccurate detection system.
Therefore, selecting an accurate behavioral model is not an easy task as
typical systems and/or networks are complex.
Principal
Typical data sets for intrusion
detection are typically very large and multidimensional. With the
growth of high speed networks and distributed network based data
intensive applications storing, processing, transmitting, visualizing and
understanding the data is becoming more complex and expensive. To tackle
the problem of high dimensional datasets, researchers have developed a
dimensionality reduction technique known as Principal component analysis
(PCA).
26-28
In mathematical terms, PCA is a technique where
n
correlated
random variables are transformed into
d<n
uncorrelated variables. The
uncorrelated variables are linear combinations of the original variables
and can be used to express that data in a reduced form. Typically, the
first principal component of the transformation is the linear combination
of the original variables with the largest variance. In other words, the
first principal component is the projection on the direction in which the
variance of the projection is maximized. The second principal component
is the linear combination of the original variables with the second largest
variance and orthogonal to the first principal component, and so on. In
many data sets, the first several principal components contribute most of
the variance in the original data set, so that the rest can be disregarded
with minimal loss of the variance for dimensional reduction of the dataset.
PCA has been widely used in the domain of image compression, pattern
component analysis:
