
A boosting approach for intrusion detection

Journal of Electronics (China)

Abstract

Intrusion detection can essentially be regarded as a classification problem: distinguishing normal profiles from intrusive behaviors. This paper introduces the boosting classification algorithm into the area of intrusion detection to learn attack signatures. A decision tree algorithm is used as the simple base learner of the boosting algorithm. Furthermore, this paper employs Principal Component Analysis (PCA), an effective data reduction approach, to extract the key attribute set from the original high-dimensional network traffic data. The KDD CUP 99 data set is used in the experiments to demonstrate that the boosting algorithm can greatly improve classification accuracy by combining a number of simple “weak learners”. In our experiments, the training-phase error rate of the boosting algorithm is reduced from 30.2% to 8% after 10 iterations. This paper also compares the boosting algorithm with the Support Vector Machine (SVM) algorithm and shows that the classification accuracy of the boosting algorithm is a little better than that of the SVM algorithm. However, the generalization ability of the SVM algorithm is better than that of the boosting algorithm.
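
The boosting step described in the abstract, as an added example that is not code from the paper: it assumes AdaBoost as the boosting variant and uses depth-1 decision trees (stumps) as the weak learner, and it records the ensemble's training error after each round. The data set, labels and all function names are constructed for illustration; PCA and KDD CUP 99 are not used here.

```python
import math

# Constructed toy data (not KDD CUP 99): one numeric feature per record,
# label +1 = intrusive, -1 = normal. No single threshold separates them.
X = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]
Y = [1, 1, 1, -1, -1, -1, 1, 1, 1, -1]

def stump_predict(stump, x):
    """Depth-1 decision tree: predict `sign` below the threshold, -sign otherwise."""
    threshold, sign = stump
    return sign if x < threshold else -sign

def best_stump(X, Y, w):
    """Weak learner: the stump with the lowest weighted error under weights w."""
    best, best_err = None, float("inf")
    for threshold in [v - 0.5 for v in sorted(set(X))] + [max(X) + 0.5]:
        for sign in (1, -1):
            err = sum(wi for xi, yi, wi in zip(X, Y, w)
                      if stump_predict((threshold, sign), xi) != yi)
            if err < best_err:
                best, best_err = (threshold, sign), err
    return best, best_err

def ensemble_predict(ensemble, x):
    """Weighted vote of all stumps learned so far."""
    score = sum(alpha * stump_predict(s, x) for alpha, s in ensemble)
    return 1 if score >= 0 else -1

def adaboost(X, Y, rounds):
    """Return the ensemble and its training error after each round."""
    n = len(X)
    w = [1.0 / n] * n
    ensemble, history = [], []
    for _ in range(rounds):
        stump, err = best_stump(X, Y, w)
        err = min(max(err, 1e-10), 1 - 1e-10)      # avoid log(0) on a perfect stump
        alpha = 0.5 * math.log((1 - err) / err)    # vote weight of this stump
        # Raise the weight of misclassified records, lower the rest, renormalise.
        w = [wi * math.exp(-alpha * yi * stump_predict(stump, xi))
             for xi, yi, wi in zip(X, Y, w)]
        total = sum(w)
        w = [wi / total for wi in w]
        ensemble.append((alpha, stump))
        wrong = sum(ensemble_predict(ensemble, xi) != yi for xi, yi in zip(X, Y))
        history.append(wrong / n)
    return ensemble, history

if __name__ == "__main__":
    print(adaboost(X, Y, rounds=3)[1])  # training error after each round
```

On this constructed data no single stump does better than 30% training error, while the weighted vote of three stumps classifies every record correctly; the error does not fall on every round, only as the votes accumulate.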



Author information


Corresponding author

Correspondence to Zan Xin.

Additional information

Supported in part by National High-tech R&D Program of China (2003AA142060) and National Basic Research Program of China (2001CB09403).

Communication author: Zan Xin, born in 1974, male, lecturer & Ph.D. candidate. Dept of Automation, Xi’an Jiaotong University, Xi’an 710048, China.

About this article

Cite this article

Zan, X., Han, J., Zhang, J. et al. A boosting approach for intrusion detection. J. of Electron.(China) 24, 369–373 (2007). https://doi.org/10.1007/s11767-005-0201-z


  • DOI: https://doi.org/10.1007/s11767-005-0201-z
