Online Adaboost-based parameterized methods for dynamic distributed network intrusion detection

Article English OPEN
Weiming, H. ; Jun, G. ; Yanguo, W. ; Ou, W. ; Maybank, Stephen (2014)

Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two online Adaboost-based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.