A multinomial logistic regression modeling approach for anomaly intrusion detection
Although researchers have long studied using statistical modeling techniques to detect anomaly intrusion and profile user behavior, the feasibility of applying multinomial logistic regression modeling to predict multi-attack types has not been addressed, and the risk factors associated with individu...
Saved in:
| Published in: | Computers & security Vol. 24; no. 8; pp. 662 - 674 |
|---|---|
| Main Author: | |
| Format: | Journal Article |
| Language: | English |
| Published: |
Elsevier Ltd
01.11.2005
|
| Subjects: | |
| ISSN: | 0167-4048, 1872-6208 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | Although researchers have long studied using statistical modeling techniques to detect anomaly intrusion and profile user behavior, the feasibility of applying multinomial logistic regression modeling to predict multi-attack types has not been addressed, and the risk factors associated with individual major attacks remain unclear. To address the gaps, this study used the KDD-cup 1999 data and bootstrap simulation method to fit 3000 multinomial logistic regression models with the most frequent attack types (
probe,
DoS,
U2R, and
R2L) as an unordered independent variable, and identified 13 risk factors that are statistically significantly associated with these attacks. These risk factors were then used to construct a final multinomial model that had an ROC area of 0.99 for detecting abnormal events. Compared with the top KDD-cup 1999 winning results that were based on a rule-based decision tree algorithm, the multinomial logistic model-based classification results had similar sensitivity values in detecting
normal (98.3% vs. 99.5%),
probe (85.6% vs. 83.3%), and
DoS (97.2% vs. 97.1%); remarkably high sensitivity in
U2R (25.9% vs. 13.2%) and
R2L (11.2% vs. 8.4%); and a significantly lower overall misclassification rate (18.9% vs. 35.7%). The study emphasizes that the multinomial logistic regression modeling technique with the 13 risk factors provides a robust approach to detect anomaly intrusion. |
|---|---|
| AbstractList | Although researchers have long studied using statistical modeling techniques to detect anomaly intrusion and profile user behavior, the feasibility of applying multinomial logistic regression modeling to predict multi-attack types has not been addressed, and the risk factors associated with individual major attacks remain unclear. To address the gaps, this study used the KDD-cup 1999 data and bootstrap simulation method to fit 3000 multinomial logistic regression models with the most frequent attack types (
probe,
DoS,
U2R, and
R2L) as an unordered independent variable, and identified 13 risk factors that are statistically significantly associated with these attacks. These risk factors were then used to construct a final multinomial model that had an ROC area of 0.99 for detecting abnormal events. Compared with the top KDD-cup 1999 winning results that were based on a rule-based decision tree algorithm, the multinomial logistic model-based classification results had similar sensitivity values in detecting
normal (98.3% vs. 99.5%),
probe (85.6% vs. 83.3%), and
DoS (97.2% vs. 97.1%); remarkably high sensitivity in
U2R (25.9% vs. 13.2%) and
R2L (11.2% vs. 8.4%); and a significantly lower overall misclassification rate (18.9% vs. 35.7%). The study emphasizes that the multinomial logistic regression modeling technique with the 13 risk factors provides a robust approach to detect anomaly intrusion. Although researchers have long studied using statistical modeling techniques to detect anomaly intrusion and profile user behavior, the feasibility of applying multinomial logistic regression modeling to predict multi-attack types has not been addressed, and the risk factors associated with individual major attacks remain unclear. To address the gaps, this study used the KDD-cup 1999 data and bootstrap simulation method to fit 3000 multinomial logistic regression models with the most frequent attack types (probe, DoS, U2R, and R2L) as an unordered independent variable, and identified 13 risk factors that are statistically significantly associated with these attacks. These risk factors were then used to construct a final multinomial model that had an ROC area of 0.99 for detecting abnormal events. Compared with the top KDD-cup 1999 winning results that were based on a rule-based decision tree algorithm, the multinomial logistic model-based classification results had similar sensitivity values in detecting normal (98.3% vs. 99.5%), probe (85.6% vs. 83.3%), and DoS (97.2% vs. 97.1%); remarkably high sensitivity in U2R (25.9% vs. 13.2%) and R2L (11.2% vs. 8.4%); and a significantly lower overall misclassification rate (18.9% vs. 35.7%). The study emphasizes that the multinomial logistic regression modeling technique with the 13 risk factors provides a robust approach to detect anomaly intrusion. |
| Author | Wang, Yun |
| Author_xml | – sequence: 1 givenname: Yun surname: Wang fullname: Wang, Yun email: yun.wang.yw38@yale.edu organization: Center for Outcomes Research and Evaluation, Yale University and Yale New Haven Health System, GB415, 20 York Street, New Haven, CT 06511, USA |
| BookMark | eNp9kE9LAzEQxYMo2Fa_gKc9eduabLKbFLwU8R8UPKjnME1ma0p2U5NU6Ld313ryIAzMHN7vMe9NyWkfeiTkitE5o6y52c5NSDivKK3n41B-QiZMyapsKqpOyWQQyVJQoc7JNKUtpUw2Sk3I67Lo9j67PnQOfOHDxqXsTBFxEzElF_qiCxa96zcF7HYxgPko2hALGAjwh8L1Oe5_dBYzmjxcF-SsBZ_w8nfPyPvD_dvdU7l6eXy-W65Kwxcyl6CoYLw1vGoFFwCqseuGt5UFLhayBpS8tYyDAIkLJejaKNaArW1dGyGB8xm5PvoOb33uMWXduWTQe-gx7JOuFrypOJeDsDoKTQwpRWz1LroO4kEzqsf-9FaP_emxPz0OHd3VH8i4DGO-HMH5_9HbI4pD-i-HUSfjsDdoXRwq0ja4__BvcKKPuw |
| CitedBy_id | crossref_primary_10_1108_CG_08_2016_0169 crossref_primary_10_1038_s41598_020_80371_5 crossref_primary_10_1155_2020_8860418 crossref_primary_10_1016_j_jclepro_2017_11_221 crossref_primary_10_1016_j_procs_2020_08_020 crossref_primary_10_1007_s13278_013_0097_9 crossref_primary_10_1109_JIOT_2022_3197323 crossref_primary_10_1001_jamanetworkopen_2018_1079 crossref_primary_10_1016_j_eswa_2010_04_017 crossref_primary_10_1007_s10586_023_04165_w crossref_primary_10_3390_electronics12051121 crossref_primary_10_1007_s11269_013_0478_x crossref_primary_10_1016_j_eswa_2021_116208 crossref_primary_10_3390_app13169363 crossref_primary_10_1016_j_jss_2018_05_016 crossref_primary_10_1007_s12530_010_9026_6 crossref_primary_10_1186_s13673_016_0076_z crossref_primary_10_1016_j_is_2021_101759 crossref_primary_10_1016_j_comcom_2009_10_010 crossref_primary_10_1109_ACCESS_2021_3106873 crossref_primary_10_1109_ACCESS_2021_3129775 crossref_primary_10_1002_mar_21309 crossref_primary_10_1016_j_autcon_2014_04_002 crossref_primary_10_1080_09397140_2014_892340 crossref_primary_10_1016_j_jphotobiol_2016_11_013 crossref_primary_10_1016_j_future_2019_01_004 crossref_primary_10_1109_ACCESS_2020_2997939 crossref_primary_10_1016_j_envc_2023_100811 crossref_primary_10_3390_app13063792 crossref_primary_10_1057_palgrave_sj_8350073 crossref_primary_10_1016_j_asoc_2025_113298 crossref_primary_10_1002_phy2_6 crossref_primary_10_1016_j_cose_2022_102709 crossref_primary_10_1016_j_egyr_2022_11_116 crossref_primary_10_1016_j_ufug_2022_127551 crossref_primary_10_3390_digital2040027 crossref_primary_10_3390_jmse11010221 crossref_primary_10_1016_j_eswa_2018_03_027 crossref_primary_10_1016_j_jnca_2022_103392 crossref_primary_10_3390_app12031550 crossref_primary_10_1007_s10462_012_9372_9 crossref_primary_10_1155_2022_1942847 crossref_primary_10_3390_info13120553 crossref_primary_10_1016_j_comnet_2021_108008 crossref_primary_10_1016_j_sysarc_2017_10_011 crossref_primary_10_1061__ASCE_ME_1943_5479_0000910 crossref_primary_10_1080_15536548_2007_10855825 crossref_primary_10_1016_j_comcom_2006_07_018 crossref_primary_10_3390_math9080902 crossref_primary_10_3390_app12094184 crossref_primary_10_1287_ijoc_2022_0132 crossref_primary_10_1038_s41598_022_25237_8 crossref_primary_10_1109_TNSM_2021_3078381 crossref_primary_10_1016_j_compeleceng_2013_02_005 crossref_primary_10_1002_cpe_3955 crossref_primary_10_1016_j_inffus_2015_04_001 crossref_primary_10_1016_j_procs_2015_08_528 crossref_primary_10_1061__ASCE_MT_1943_5533_0000588 |
| Cites_doi | 10.1016/S0167-4048(03)00112-3 |
| ContentType | Journal Article |
| Copyright | 2005 Elsevier Ltd |
| Copyright_xml | – notice: 2005 Elsevier Ltd |
| DBID | AAYXX CITATION 7SC 8FD JQ2 L7M L~C L~D |
| DOI | 10.1016/j.cose.2005.05.003 |
| DatabaseName | CrossRef Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | CrossRef Computer and Information Systems Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Advanced Technologies Database with Aerospace ProQuest Computer Science Collection Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Computer and Information Systems Abstracts |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISSN | 1872-6208 |
| EndPage | 674 |
| ExternalDocumentID | 10_1016_j_cose_2005_05_003 S0167404805000751 |
| GroupedDBID | --K --M -~X .DC .~1 0R~ 1B1 1RT 1~. 1~5 29F 4.4 457 4G. 5GY 5VS 7-5 71M 8P~ 9JN AACTN AAEDT AAEDW AAIAV AAIKJ AAKOC AALRI AAOAW AAQFI AAQXK AAXUO AAYFN ABBOA ABFSI ABMAC ABXDB ABYKQ ACDAQ ACGFO ACGFS ACNNM ACRLP ACZNC ADBBV ADEZE ADHUB ADJOM ADMUD AEBSH AEKER AENEX AFFNX AFKWA AFTJW AGHFR AGUBO AGYEJ AHHHB AHZHX AIALX AIEXJ AIKHN AITUG AJBFU AJOXV ALMA_UNASSIGNED_HOLDINGS AMFUW AMRAJ AOUOD ASPBG AVWKF AXJTR AZFZN BKOJK BKOMP BLXMC CS3 DU5 E.L EBS EFJIC EFLBG EJD EO8 EO9 EP2 EP3 FDB FEDTE FGOYB FIRID FNPLU FYGXN G-2 G-Q GBLVA GBOLZ HLX HLZ HVGLF HZ~ IHE J1W KOM LG8 LG9 M41 MO0 MS~ N9A O-L O9- OAUVE OZT P-8 P-9 P2P PC. PQQKQ Q38 R2- RIG RNS ROL RPZ RXW SBC SBM SDF SDG SDP SES SEW SPC SPCBC SSV SSZ T5K TAE TN5 TWZ WH7 WUQ XJE XPP XSW YK3 ZMT ~G- 9DU AATTM AAXKI AAYWO AAYXX ABJNI ABWVN ACLOT ACRPL ACVFH ADCNI ADNMO AEIPS AEUPX AFJKZ AFPUW AGQPQ AIGII AIIUN AKBMS AKRWK AKYEP ANKPU APXCP CITATION EFKBS ~HD 7SC 8FD JQ2 L7M L~C L~D |
| ID | FETCH-LOGICAL-c397t-a80413fc32f434aa86db63f2da34975ae73fd13a4a7e9840bc816ad5d55c47a33 |
| ISICitedReferencesCount | 74 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000234189600023&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 0167-4048 |
| IngestDate | Sat Sep 27 17:11:42 EDT 2025 Sat Nov 29 05:55:37 EST 2025 Tue Nov 18 21:56:34 EST 2025 Fri Feb 23 02:20:18 EST 2024 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 8 |
| Keywords | Bootstrap Multinomial logistic regression model Computer security Intrusion detection Classification |
| Language | English |
| License | https://www.elsevier.com/tdm/userlicense/1.0 |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-c397t-a80413fc32f434aa86db63f2da34975ae73fd13a4a7e9840bc816ad5d55c47a33 |
| Notes | ObjectType-Article-2 SourceType-Scholarly Journals-1 ObjectType-Feature-1 content type line 23 |
| PQID | 29362337 |
| PQPubID | 23500 |
| PageCount | 13 |
| ParticipantIDs | proquest_miscellaneous_29362337 crossref_primary_10_1016_j_cose_2005_05_003 crossref_citationtrail_10_1016_j_cose_2005_05_003 elsevier_sciencedirect_doi_10_1016_j_cose_2005_05_003 |
| PublicationCentury | 2000 |
| PublicationDate | 2005-11-01 |
| PublicationDateYYYYMMDD | 2005-11-01 |
| PublicationDate_xml | – month: 11 year: 2005 text: 2005-11-01 day: 01 |
| PublicationDecade | 2000 |
| PublicationTitle | Computers & security |
| PublicationYear | 2005 |
| Publisher | Elsevier Ltd |
| Publisher_xml | – name: Elsevier Ltd |
| References | Lunt T, Javitz H, Valdes A. A real-time intrusion detection expert system (IDES). SRI Project 6784, SRI International Technical Report; 1992. Qin, Hwang (bib18) 2004 Shyu, Chen, Sarinnapakorn, Chang (bib14) 2003 McFadden (bib23) 1974 Cannady (bib3) 1998 KDD-Cup (bib20) 1999 Cannady (bib4) 2000 Zhou, Lang (bib19) 2003 INFOSEC Research Council (bib27) January 21, 2004 Bridges, Vaughn (bib11) 2000 Stolfo, Fan, Lee, Prodromidis, Chan (bib22) 2000 Dacid, Hosmer (bib25) 2000 Masum, Ye, Chen, Noh (bib17) 2000 Kosko (bib10) 1993 Zhang, Li, Manikopoulos, Jorgenson, Ucles (bib5) 2001 Barbard, Wu, Jajodia (bib16) 2001 Efron, Tibshirani (bib24) 1994 Gomez, Dasgupta (bib12) 2002 Taylor, Alves-Foss (bib15) 2001 Hossain, Bridges (bib9) 2001 Sekar, Bendre, Dhurjati, Bollinei (bib13) 2001 Elkan (bib26) 2000; 3 Gao, Ma, Yang (bib7) 2002 Taylor, Alves-Foss (bib28) 2002 Anderson (bib1) 1980 Lippmann, Cunningham (bib2) 1999 Cho, Park (bib8) 2003; 22 Cannady (10.1016/j.cose.2005.05.003_bib4) 2000 Efron (10.1016/j.cose.2005.05.003_bib24) 1994 Barbard (10.1016/j.cose.2005.05.003_bib16) 2001 Qin (10.1016/j.cose.2005.05.003_bib18) 2004 Lippmann (10.1016/j.cose.2005.05.003_bib2) 1999 Shyu (10.1016/j.cose.2005.05.003_bib14) 2003 Anderson (10.1016/j.cose.2005.05.003_bib1) 1980 Zhang (10.1016/j.cose.2005.05.003_bib5) 2001 Masum (10.1016/j.cose.2005.05.003_bib17) 2000 10.1016/j.cose.2005.05.003_bib6 KDD-Cup (10.1016/j.cose.2005.05.003_bib20) 1999 Hossain (10.1016/j.cose.2005.05.003_bib9) 2001 McFadden (10.1016/j.cose.2005.05.003_bib23) 1974 Stolfo (10.1016/j.cose.2005.05.003_bib22) 2000 Gomez (10.1016/j.cose.2005.05.003_bib12) 2002 Dacid (10.1016/j.cose.2005.05.003_bib25) 2000 Zhou (10.1016/j.cose.2005.05.003_bib19) 2003 INFOSEC Research Council (10.1016/j.cose.2005.05.003_bib27) Taylor (10.1016/j.cose.2005.05.003_bib28) 2002 Taylor (10.1016/j.cose.2005.05.003_bib15) 2001 Kosko (10.1016/j.cose.2005.05.003_bib10) 1993 Bridges (10.1016/j.cose.2005.05.003_bib11) 2000 Gao (10.1016/j.cose.2005.05.003_bib7) 2002 Sekar (10.1016/j.cose.2005.05.003_bib13) 2001 Cannady (10.1016/j.cose.2005.05.003_bib3) 1998 Cho (10.1016/j.cose.2005.05.003_bib8) 2003; 22 Elkan (10.1016/j.cose.2005.05.003_bib26) 2000; 3 |
| References_xml | – year: 2001 ident: bib9 article-title: A framework for an adaptive intrusion detection system with data mining publication-title: Proceedings of the 13th Canadian information technology security symposium – year: 2003 ident: bib14 article-title: A novel anomaly detection scheme based on principal component classifier publication-title: Proceedings of the IEEE foundations and new directions of data mining workshop, in conjunction with the 3rd IEEE International Conference on Data Mining (ICDM) – year: 2002 ident: bib12 article-title: Evolving fuzzy classifiers for intrusion detection publication-title: Proceedings of 3rd annual IEEE information assurance workshop – year: 1998 ident: bib3 article-title: The application of artificial neural networks to misuse detection: initial results publication-title: Proceedings of the 1st international workshop on the Recent Advances in Intrusion Detection (RAID) – year: 2001 ident: bib16 article-title: Detecting novel network intrusions using Bayes estimators publication-title: Proceedings of the 1st SIAM international conference on data mining – year: 1999 ident: bib2 article-title: Improving intrusion detection performance using keyword selection and neural networks publication-title: Proceedings of the second international workshop on Recent Advances in Intrusion Detection (RAID99) – year: 2001 ident: bib13 article-title: A fast automaton-based method for detecting anomalous program behavior publication-title: Proceedings of the IEEE symposium on security and privacy – reference: Lunt T, Javitz H, Valdes A. A real-time intrusion detection expert system (IDES). SRI Project 6784, SRI International Technical Report; 1992. – year: 2000 ident: bib25 article-title: Applied logistic regression – year: 2003 ident: bib19 article-title: Mining frequency content of network traffic for intrusion detection publication-title: Proceedings of the IASTED international conference on communication, network, and information security – year: 2002 ident: bib28 article-title: An empirical analysis of NATE: network analysis of anomalous traffic events publication-title: Proceedings of the 10th new security paradigms workshop – volume: 22 start-page: 45 year: 2003 end-page: 55 ident: bib8 article-title: Efficient anomaly detection by modeling privilege flows using hidden Markov model publication-title: Computer and Security – year: 1994 ident: bib24 article-title: An introduction to the bootstrap – year: 2002 ident: bib7 article-title: HMMS (hidden Markov models) based on anomaly intrusion detection method publication-title: Proceedings of the first international conference on machine learning and cybernetics – year: 1999 ident: bib20 publication-title: KDD data available on the web – year: 2001 ident: bib5 article-title: HIDE: a hierarchical network intrusion detection system using statistical preprocessing and neural network classification publication-title: Proceedings of the 2001 IEEE workshop on information assurance and security – year: 1993 ident: bib10 article-title: Fuzzy thinking, the new science of fuzzy logic – year: 2000 ident: bib17 article-title: Chi-square statistical profiling for anomaly detection publication-title: Proceedings of the 2000 IEEE workshop on information assurance and security – year: 2000 ident: bib4 article-title: Next generation intrusion detection: autonomous reinforcement learning of network attacks publication-title: Proceedings of the 23rd national information systems security conference – year: January 21, 2004 ident: bib27 article-title: National scale INFOSEC research hard problems list – year: 2000 ident: bib22 article-title: Cost-based modeling and evaluation for data mining with application to fraud and intrusion detection publication-title: Proceedings of the DARPA information survivability conference – year: 1980 ident: bib1 article-title: Computer security threat monitoring and surveillance – year: 2004 ident: bib18 article-title: Frequent rules for intrusive anomaly detection with Internet datamining publication-title: Proceedings of the 13th USENIX security symposium – start-page: 105 year: 1974 end-page: 142 ident: bib23 article-title: Conditional logit analysis of qualitative choice behavior publication-title: Frontiers in econometrics – volume: 3 start-page: 262 year: 2000 end-page: 294 ident: bib26 article-title: Results of the KDD' 99 classifier learning contest publication-title: ACM Transactions on Information and System Security – year: 2001 ident: bib15 article-title: “Low cost” network intrusion detection publication-title: Proceedings of the new security paradigms workshop – year: 2000 ident: bib11 article-title: Fuzzy data mining and genetic algorithms applied to intrusion detection publication-title: Proceedings of the 23rd national information systems security conference – year: 2002 ident: 10.1016/j.cose.2005.05.003_bib28 article-title: An empirical analysis of NATE: network analysis of anomalous traffic events – year: 1980 ident: 10.1016/j.cose.2005.05.003_bib1 – year: 2001 ident: 10.1016/j.cose.2005.05.003_bib16 article-title: Detecting novel network intrusions using Bayes estimators – year: 1994 ident: 10.1016/j.cose.2005.05.003_bib24 – year: 2000 ident: 10.1016/j.cose.2005.05.003_bib25 – volume: 3 start-page: 262 issue: 4 year: 2000 ident: 10.1016/j.cose.2005.05.003_bib26 article-title: Results of the KDD' 99 classifier learning contest publication-title: ACM Transactions on Information and System Security – year: 2003 ident: 10.1016/j.cose.2005.05.003_bib19 article-title: Mining frequency content of network traffic for intrusion detection – volume: 22 start-page: 45 issue: 1 year: 2003 ident: 10.1016/j.cose.2005.05.003_bib8 article-title: Efficient anomaly detection by modeling privilege flows using hidden Markov model publication-title: Computer and Security doi: 10.1016/S0167-4048(03)00112-3 – year: 2000 ident: 10.1016/j.cose.2005.05.003_bib17 article-title: Chi-square statistical profiling for anomaly detection – year: 2001 ident: 10.1016/j.cose.2005.05.003_bib15 article-title: “Low cost” network intrusion detection – year: 2001 ident: 10.1016/j.cose.2005.05.003_bib9 article-title: A framework for an adaptive intrusion detection system with data mining – year: 2000 ident: 10.1016/j.cose.2005.05.003_bib4 article-title: Next generation intrusion detection: autonomous reinforcement learning of network attacks – year: 2001 ident: 10.1016/j.cose.2005.05.003_bib13 article-title: A fast automaton-based method for detecting anomalous program behavior – year: 2002 ident: 10.1016/j.cose.2005.05.003_bib12 article-title: Evolving fuzzy classifiers for intrusion detection – year: 1999 ident: 10.1016/j.cose.2005.05.003_bib20 publication-title: KDD data available on the web – year: 1999 ident: 10.1016/j.cose.2005.05.003_bib2 article-title: Improving intrusion detection performance using keyword selection and neural networks – year: 2003 ident: 10.1016/j.cose.2005.05.003_bib14 article-title: A novel anomaly detection scheme based on principal component classifier – year: 2002 ident: 10.1016/j.cose.2005.05.003_bib7 article-title: HMMS (hidden Markov models) based on anomaly intrusion detection method – ident: 10.1016/j.cose.2005.05.003_bib6 – year: 2000 ident: 10.1016/j.cose.2005.05.003_bib22 article-title: Cost-based modeling and evaluation for data mining with application to fraud and intrusion detection – year: 2000 ident: 10.1016/j.cose.2005.05.003_bib11 article-title: Fuzzy data mining and genetic algorithms applied to intrusion detection – ident: 10.1016/j.cose.2005.05.003_bib27 – year: 2001 ident: 10.1016/j.cose.2005.05.003_bib5 article-title: HIDE: a hierarchical network intrusion detection system using statistical preprocessing and neural network classification – start-page: 105 year: 1974 ident: 10.1016/j.cose.2005.05.003_bib23 article-title: Conditional logit analysis of qualitative choice behavior – year: 1998 ident: 10.1016/j.cose.2005.05.003_bib3 article-title: The application of artificial neural networks to misuse detection: initial results – year: 2004 ident: 10.1016/j.cose.2005.05.003_bib18 article-title: Frequent rules for intrusive anomaly detection with Internet datamining – year: 1993 ident: 10.1016/j.cose.2005.05.003_bib10 |
| SSID | ssj0017688 |
| Score | 2.094116 |
| Snippet | Although researchers have long studied using statistical modeling techniques to detect anomaly intrusion and profile user behavior, the feasibility of applying... |
| SourceID | proquest crossref elsevier |
| SourceType | Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 662 |
| SubjectTerms | Bootstrap Classification Computer security Intrusion detection Multinomial logistic regression model |
| Title | A multinomial logistic regression modeling approach for anomaly intrusion detection |
| URI | https://dx.doi.org/10.1016/j.cose.2005.05.003 https://www.proquest.com/docview/29362337 |
| Volume | 24 |
| WOSCitedRecordID | wos000234189600023&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVESC databaseName: Elsevier SD Freedom Collection Journals 2021 customDbUrl: eissn: 1872-6208 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0017688 issn: 0167-4048 databaseCode: AIEXJ dateStart: 19950101 isFulltext: true titleUrlDefault: https://www.sciencedirect.com providerName: Elsevier |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV3da9UwFA-y-eCL3-KcH3nwTTrapmmSx4tMVGQIm3J9KmmSimPLHfZO9ufvnHy014lDBaGUUpoW8ktPfjk5v3MIeQnAaqANVWEq3ReNdqxQRpmiAu6quOt7G3Lpff4gDg7kcqk-piqdYygnILyXFxfq7L9CDfcAbJTO_gXc00vhBlwD6HAG2OH8R8AvYpAgyo2h-6PCJ-Rp_hpDXn2sfhPEiSmheAqlXJ3qE5QBog4Dn7NuHQK1_CaDzWUgxjBoxlT-bvbLR9vx5dz_5E_gSVg3Obmy0GWOKgp-R0yPXsakmHsu2kop6qKtS7lpTKMgOg0auWEZ22R04yTbxtI8v9jv6Eo43sNg_eTwQp8Xm2erKYbwMAgoUBLPA_GBJfB2LbgC07a9eLe_fD9tJsGKSk4p3qFB0k7FML-rX_odP7kyUwf6cXSX3E7rBrqIeN8jN5y_T-5kMGgy0Q_I4YJuwE8z_HSGn2b4aYafAvw0wU8n-OkE_0Py6c3-0eu3RSqcURigl-tCY1IpNhhWDw1rtJat7Vs21FazRgmunWCDrZhutHAKVvi9kVWrLbecm0Zoxh6RLb_y7jGhfd0MrDQ1Mxa31IWW0hqmdWmwkkCjdkiVu6szKas8Fjc56XL44HGHXYzlTnmHR8l2yKupzVnMqXLt0zyj0CVWGNleB4Pm2nYvMmQdmEzcB9Perc7HDhgukH4mnvzjm3fJrfnHeUq2ABb3jNw0P9bfxu_P0-i7BEFqlAs |
| linkProvider | Elsevier |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+multinomial+logistic+regression+modeling+approach+for+anomaly+intrusion+detection&rft.jtitle=Computers+%26+security&rft.au=Wang%2C+Yun&rft.date=2005-11-01&rft.pub=Elsevier+Ltd&rft.issn=0167-4048&rft.eissn=1872-6208&rft.volume=24&rft.issue=8&rft.spage=662&rft.epage=674&rft_id=info:doi/10.1016%2Fj.cose.2005.05.003&rft.externalDocID=S0167404805000751 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0167-4048&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0167-4048&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0167-4048&client=summon |