
2016 | OriginalPaper | Chapter

A Distributed Intrusion Detection Framework Based on Evolved Specialized Ensembles of Classifiers

Authors : Gianluigi Folino, Francesco Sergio Pisani, Pietro Sabatino

Published in: Applications of Evolutionary Computation

Publisher: Springer International Publishing


Abstract

Modern intrusion detection systems must handle many complicated issues in real time, since they operate on a live data stream: for the classification task the classes are typically unbalanced, the system has to cope with distributed attacks, and it has to react quickly to changes in the data. Data mining techniques, and in particular ensembles of classifiers, make it possible to combine different classifiers that together provide complementary information and that can be built incrementally. This paper introduces the architecture of a distributed intrusion detection framework and, in particular, its detector module, which is based on a meta-ensemble and is used to cope with the problem of detecting intrusions, where the number of attacks is typically much smaller than the number of normal connections. To this end, we explore the use of ensembles specialized in detecting particular types of attack or normal connections, and Genetic Programming is adopted to generate a non-trainable function that combines the specialized ensembles. Non-trainable functions can be evolved without any extra training phase and are therefore particularly suited to handling concept drift, also under real-time constraints. Preliminary experiments, conducted on the well-known KDD dataset and on a more up-to-date dataset, ISCX IDS, show the effectiveness of the approach.
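The abstract describes the detector module only at a high level. The following Python program is an added example, not the authors' code or the framework described in the paper; it sketches the two ideas the abstract names: one specialized ensemble per class (here bagged threshold detectors on constructed, deliberately imbalanced connection records, not KDD or ISCX data) and a combiner that is a Genetic Programming expression tree over the ensembles' scores. The tree has no weights to fit: it is evolved on a held-out set of scores, evaluated by a plain tree walk, and can be applied unchanged when the base ensembles are rebuilt. Every class name, feature, operator set and GP parameter below is an assumption chosen for illustration.

```python
import random

random.seed(7)  # fixed seed so the constructed data and the GP run are reproducible

CLASSES = ["normal", "dos", "probe"]
FEATURES = ["duration", "src_bytes", "dst_bytes", "count"]


def make_record(label):
    """Constructed connection record (not KDD/ISCX data); feature ranges are assumptions."""
    if label == "normal":
        return {"duration": random.gauss(30, 10), "src_bytes": random.gauss(500, 150),
                "dst_bytes": random.gauss(2000, 500), "count": random.gauss(5, 2)}
    if label == "dos":  # flood: many short, nearly empty connections
        return {"duration": random.gauss(1, 0.5), "src_bytes": random.gauss(100, 50),
                "dst_bytes": random.gauss(0, 10), "count": random.gauss(300, 50)}
    return {"duration": random.gauss(2, 1), "src_bytes": random.gauss(20, 10),  # probe
            "dst_bytes": random.gauss(20, 10), "count": random.gauss(80, 20)}


def make_dataset(n_normal, n_dos, n_probe):
    data = [("normal", make_record("normal")) for _ in range(n_normal)]
    data += [("dos", make_record("dos")) for _ in range(n_dos)]
    data += [("probe", make_record("probe")) for _ in range(n_probe)]
    random.shuffle(data)
    return data


def train_stump(data, cls):
    """Weak detector for `cls` vs rest: a threshold on one random feature, fitted on a
    bootstrap sample so that the members of one specialized ensemble differ."""
    feat = random.choice(FEATURES)
    sample = [random.choice(data) for _ in range(len(data))]
    pos = [r[feat] for lab, r in sample if lab == cls] or [r[feat] for lab, r in data if lab == cls]
    neg = [r[feat] for lab, r in sample if lab != cls] or [r[feat] for lab, r in data if lab != cls]
    mean_pos, mean_neg = sum(pos) / len(pos), sum(neg) / len(neg)
    thr, above = (mean_pos + mean_neg) / 2, mean_pos > mean_neg
    return lambda r: (r[feat] > thr) == above


def train_ensembles(data, size=7):
    """One specialized ensemble (a bag of stumps) per class, including 'normal'."""
    return {c: [train_stump(data, c) for _ in range(size)] for c in CLASSES}


def ensemble_scores(ensembles, record):
    """Fraction of each specialized ensemble voting for its class: the combiner's inputs."""
    return {c: sum(s(record) for s in stumps) / len(stumps) for c, stumps in ensembles.items()}


# GP combiner: an expression tree over the ensemble scores, with no weights to train.
OPS = {"add": lambda a, b: a + b, "sub": lambda a, b: a - b,
       "mul": lambda a, b: a * b, "max": max, "min": min}


def random_tree(depth):
    if depth == 0 or random.random() < 0.3:
        return random.choice(CLASSES + [round(random.uniform(-1, 1), 2)])
    return (random.choice(list(OPS)), random_tree(depth - 1), random_tree(depth - 1))


def evaluate(tree, scores):
    if isinstance(tree, tuple):
        return OPS[tree[0]](evaluate(tree[1], scores), evaluate(tree[2], scores))
    return scores[tree] if isinstance(tree, str) else tree


def size(tree):
    return 1 if not isinstance(tree, tuple) else 1 + size(tree[1]) + size(tree[2])


def is_attack(tree, scores):
    return evaluate(tree, scores) > 0


def fitness(tree, scored):
    """Balanced accuracy on attack-vs-normal, so the rare attack class is not swamped."""
    tp = tn = fp = fn = 0
    for attack, sc in scored:
        pred = is_attack(tree, sc)
        if pred and attack:
            tp += 1
        elif pred:
            fp += 1
        elif attack:
            fn += 1
        else:
            tn += 1
    return (tp / max(tp + fn, 1) + tn / max(tn + fp, 1)) / 2


def crossover(a, b):
    """Graft a random subtree of b onto a random point of a (subtree crossover)."""
    def pick(t):
        return t if not isinstance(t, tuple) or random.random() < 0.4 else pick(random.choice(t[1:]))
    graft = pick(b)

    def put(t):
        if not isinstance(t, tuple) or random.random() < 0.4:
            return graft
        op, left, right = t
        return (op, put(left), right) if random.random() < 0.5 else (op, left, put(right))
    return put(a)


def mutate(tree):
    return crossover(tree, random_tree(3))  # subtree mutation: graft a fresh random subtree


def evolve(scored, pop_size=30, generations=20, max_nodes=40):
    pop = [random_tree(3) for _ in range(pop_size)]
    for _ in range(generations):
        ranked = sorted(pop, key=lambda t: fitness(t, scored), reverse=True)
        elite = ranked[: pop_size // 4]  # elitism: the best combiners survive unchanged
        children = []
        while len(children) < pop_size - len(elite):
            parent = random.choice(elite)
            child = crossover(parent, random.choice(elite)) if random.random() < 0.6 else mutate(parent)
            children.append(child if size(child) <= max_nodes else random_tree(3))  # curb bloat
        pop = elite + children
    return max(pop, key=lambda t: fitness(t, scored))


def run_demo():
    train = make_dataset(600, 40, 30)  # attacks are the minority, as in real traffic
    ensembles = train_ensembles(train)
    # The combiner is evolved on held-out ensemble scores; the base classifiers are not retrained.
    val = [(lab != "normal", ensemble_scores(ensembles, r)) for lab, r in make_dataset(300, 20, 15)]
    combiner = evolve(val)
    test = [(lab != "normal", ensemble_scores(ensembles, r)) for lab, r in make_dataset(300, 20, 15)]
    return combiner, fitness(combiner, test)


if __name__ == "__main__":
    tree, bal_acc = run_demo()
    print("evolved combiner:", tree)
    print("balanced accuracy on held-out data: %.3f" % bal_acc)
```

Two design points carry over to a real deployment. First, fitness is balanced accuracy rather than plain accuracy: with 300 normal and 35 attack records, a combiner that flags nothing would otherwise score about 0.9. Second, the combiner consumes only the per-class scores, so when the specialized ensembles are rebuilt on fresh traffic (the concept-drift case the abstract mentions) the evolved tree is reused as is, and detection remains a tree walk over three numbers.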


Metadata
Title: A Distributed Intrusion Detection Framework Based on Evolved Specialized Ensembles of Classifiers
Authors: Gianluigi Folino, Francesco Sergio Pisani, Pietro Sabatino
Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-31204-0_21
