Abstract
This study introduces a new method based on Greedy-Boost, a multiple classifier system, for better and faster intrusion detection. Detection of the anomalies in the data-processing networks is regarded as a problem of data classification allowing to use data mining and machine learning techniques to perform intrusion detection. With such automatic processing procedures, human expertise only focuses on a small set of potential anomalies which may result in important time savings and efficiency. In order to be scalable and efficient, these kinds of approaches must respect important requirements. The first is to obtain a high level of precision, that is to be able to detect a maximum of anomalies with a minimum of false alarms. The second is to detect potential anomalies as fast as possible. We propose Greedy-Boost, a new approach of boosting which is based on an adaptive combination of multiple classifiers to perform the precision of the detection. This approach uses an aspect of smooth that ensures stability of the classifier system and offers speed of detection. The experimental results, conducted on the KDD99 dataset, prove that our proposed approach outperforms several state-of-the-art methods, particularly in detecting rare attack types.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Xiang, C., Yong, P.C., Meng, L.S.: Design of multiple-level hybrid classifier for intrusion detection system using Bayesian clustering and decision trees. Pattern Recognition Letters 29 (2008)
Giacinto, G., Roli, F.: Intrusion detection in computer networks by multiple classifier systems. In: 16th International Conference on Pattern Recognition, Quebec City, Canada (2003)
Zainal, A., Maarof, M.A., Shamsuddin, S.M., Abraham, A.: Ensemble of one-class classifiers for network intrusion detection system. In: Information Assurance and Security (2008)
Perdisci, R., Ariu, D., Fogla, P., Giacinto, G., Lee, W.: McPAD: A multiple classifier system for accurate payload based anomaly detection. Computer Networks 53(6), 864–881 (2009)
Giacinto, G., Perdisci, R., Rio, M.D., Roli, F.: Intrusion detection in computer networks by a modular ensemble of one-class classifiers. Information Fusion 9, 69–82 (2008)
Giacinto, G., Perdisci, R., Roli, F.: Network Intrusion Detection by Combining One-class Classifiers. In: International Conference on Image Analysis and Processing (2005); Special Session on Intrusion Detection, ICIAP
Abadeh, M.S., Habibi, J., Barzegar, Z., Sergi, M.: A parallel genetic local search algorithm for intrusion detection in computer networks. In: Engineering Applications of Artificial Intelligence, vol. 20, pp. 1058–1069 (2007)
Mukkamala, S., Sung, A.H., Abraham, A.: Intrusion detection using an ensemble of intelligent paradigms. Network and Computer Applications 28, 167–182 (2005)
Zhang, J., Zulkernine, M.: Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection. In: IEEE International Conference on Communications, ICC 2006, pp. 2388–2393 (2006)
DARPA dataset, http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/
Shapire, R.: The strength of weak learnability. Machine Learning 5, 197–227 (1990)
Freund, Y., Schapire, R.E.: A decision-theoretic generalization of on-line learning and an application to Boosting. J. Comput. Syst. Sci. 55(1), 119–139 (1997)
Shafi, K., Abbass, H.A.: An adaptive genetic-based signature learning system for intrusion detection. Expert Systems with Applications 36(10), 12036–12043 (2009)
Jiang, S.Y., Song, X., Wang, H., Han, J.J., Li, Q.H.: A clustering-based method for unsupervised intrusion detections. Pattern Recognition Letters 27, 802–810 (2006)
Yu, Z., Tsai, J.J.P.: An efficient intrusion detection system using a boosting-based learning algorithm. International Journal of Computer Applications in Technology Achive 27(4) (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bahri, E., Harbi, N., Huu, H.N. (2011). Approach Based Ensemble Methods for Better and Faster Intrusion Detection. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-21323-6_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21322-9
Online ISBN: 978-3-642-21323-6
eBook Packages: Computer ScienceComputer Science (R0)