Abstract
Intrusion Detection Systems (IDSs) play an essential role in today’s network security infrastructures. Their main aim is to find traces of intrusion attempts and alert the network administrator as soon as possible, so that she can take suitable countermeasures. In this paper we propose a misuse-based Network Intrusion Detection architecture in which we combine multiple one-class classifiers. Each one-class classifier is trained to discriminate between a specific attack and all other traffic patterns. As attacks can be grouped into classes according to a taxonomy, a number of one-class classifiers are trained for each attack class, each one specialized to a specific attack. The proposed multiple classifier architecture combines the outputs of the one-class classifiers to attain an IDS based on generalized attack signatures. The aim is to label a pattern either as normal or as belonging to one of the attack classes according to the adopted taxonomy. The potential and effectiveness of the proposed approach are analysed and discussed.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Giacinto, G., Perdisci, R., Roli, F. (2005). Network Intrusion Detection by Combining One-Class Classifiers. In: Roli, F., Vitulano, S. (eds) Image Analysis and Processing – ICIAP 2005. ICIAP 2005. Lecture Notes in Computer Science, vol 3617. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11553595_7
DOI: https://doi.org/10.1007/11553595_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28869-5
Online ISBN: 978-3-540-31866-8
eBook Packages: Computer Science, Computer Science (R0)