A partial memory incremental learning methodology and its application to computer intrusion detection

Marcus A. Maloof and Ryszard S. Michalski

This paper discusses work in progress and introduces a partial memory incremental learning methodology. The incremental learning architecture uses hypotheses induced from training examples to determine representative examples, which are maintained for future learning. Criticism and reinforcement from the environment or the user invoke incremental learning once the system is deployed. Such an architecture and development methodology is necessary for applications involving intelligent agents, active vision, and dynamic knowledge-bases. For this study, the methodology is applied to the problem of computerintrusion detection. Several experimental comparisons are made using batch and incremental learning between AQ15c, a feed-forward neural network, and k-NN. Experimental results suggest that AQ15c has several advantages over other methods in terms of predictive accuracy, incremental learning, learning and recognition times, the typesof concepts induced by the method, and the types of data from which these methods can learn.

Paper available in PostScript (gzipped) and PDF.

Maloof, M.A., & Michalski, R.S. (1995). A partial memory incremental learning methodology and its application to computer intrusion detection. Reports of the Machine Learning and Inference Laboratory, MLI 95-2. Machine Learning and Inference Laboratory, Department of Computer Science, George Mason University, Fairfax, VA.

@techreport{maloof.tr.95,
  author = "Maloof, M.A. and Michalski, R.S.",
  title = "A partial memory incremental learning methodology 
    and its application to computer intrusion detection",
  type = "{Reports of the Machine Learning and Inference Laboratory}",
  number = "MLI 95-2",
  year = 1995,
  institution = "Machine Learning and Inference Laboratory, George
    Mason University",
  address = "Fairfax, VA"
}