Online Adaboost-based parameterized methods for dynamic distributed network intrusion detection
- Publisher: IEEE Computer Society
Current network intrusion detection systems lack\ud adaptability to the frequently changing network environments.\ud Furthermore, intrusion detection in the new distributed archi-\ud tectures is now a major requirement. In this paper, we propose\ud two online Adaboost-based intrusion detection algorithms. In the\ud first algorithm, a traditional online Adaboost process is used\ud where decision stumps are used as weak classifiers. In the second\ud algorithm, an improved online Adaboost process is proposed,\ud and online Gaussian mixture models (GMMs) are used as weak\ud classifiers. We further propose a distributed intrusion detection\ud framework, in which a local parameterized detection model is\ud constructed in each node using the online Adaboost algorithm. A\ud global detection model is constructed in each node by combining\ud the local parametric models using a small number of samples in\ud the node. This combination is achieved using an algorithm based\ud on particle swarm optimization (PSO) and support vector ma-\ud chines. The global model in each node is used to detect intrusions.\ud Experimental results show that the improved online Adaboost\ud process with GMMs obtains a higher detection rate and a lower\ud false alarm rate than the traditional online Adaboost process that\ud uses decision stumps. Both the algorithms outperform existing\ud intrusion detection algorithms. It is also shown that our PSO,\ud and SVM-based algorithm effectively combines the local detection\ud models into the global model in each node; the global model in\ud a node can handle the intrusion types that are found in other\ud nodes, without sharing the samples of these intrusion types.
25 references, page 1 of 3
views in local repository
downloads in local repository
The information is available from the following content providers: