A Partial Memory Incremental Learning Methodology and its Application to Computer Intrusion Detection

This paper discusses work in progress and introduces a partial memory incremental learning methodology. The incremental learning architecture uses hypotheses induced from training examples to determine representative examples, which are maintained for future learning. Criticism and reinforcement from the environment or the user invoke incremental learning once the system is deployed. Such an architecture and development methodology is necessary for applications involving intelligent agents, active vision, and dynamic knowledge-bases. For this study, the methodology is applied to the problem of computer intrusion detection. Several experimental comparisons are made using batch and incremental learning between AQ15c, a feed-forward neural network, and k-nn. Experimental results suggest that AQ15c has several advantages over other methods in terms of predictive accuracy, incremental learning, learning and recognition times, the types of concepts induced by the method, and the types of data from which these methods can learn.