Top

Published in:

2018 | OriginalPaper | Chapter

A Dynamic Ensemble Learning Framework for Data Stream Analysis and Real-Time Threat Detection

Authors : Konstantinos Demertzis, Lazaros Iliadis, Vardis-Dimitris Anezakis

Published in: Artificial Neural Networks and Machine Learning – ICANN 2018

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Security incident tracking systems receive a continuous, unlimited inflow of observations, where in the typical case the most recent ones are the most important. These data flows and characterized by high volatility. Their characteristics can change drastically over time in an unpredictable way, differentiating their typical normal behavior. In most cases it is not possible to store all of the historical samples, since their volume is unlimited. This fact requires the extraction of real-time knowledge over a subset of the flow, which contains a small but recent percentage of all observations. This creates serious objections to the accuracy and reliability of the employed classifiers. The research described herein, uses a Dynamic Ensemble Learning (DYENL) approach for Data Stream Analysis (DELDaStrA) which is employed in RealTime Threat Detection systems. More specifically, it proposes a DYENL model that uses the “Kappa” architecture to perform analysis of data flows. The DELDaStrA is based on the hybrid combination of k Nearest Neighbor (kNN) Classifiers, with Adaptive Random Forest (ARF) and Primal Estimated SubGradient Solver for Support Vector Machines (SVM) (SPegasos). In fact, it performs a dynamic extraction of the weighted average of the three results, to maximize the classification accuracy.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Game-Theoretic Framework for Interpretable Preference and Feature Learning

next chapter Gaussian Kernel-Based Fuzzy Clustering with Automatic Bandwidth Computation

Ahmim, A., Ghoualmi-Zine, N.: A new adaptive intrusion detection system based on the intersection of two different classifiers. Int. J. Secur. Netw. 9(3), 125–132 (2014)CrossRef

Aretz, K., Bartram, S.M., Pope, P.F.: Asymmetric loss functions and the rationality of expected stock returns. Int. J. Forecast. 27(2), 413–437 (2011)CrossRef

Brzezinski, D., Stefanowski, J.: Prequential AUC for classifier evaluation and drift detection in evolving data streams. In: Appice, A., Ceci, M., Loglisci, C., Manco, G., Masciari, E., Ras, Z.W. (eds.) NFMCP 2014. LNCS (LNAI), vol. 8983, pp. 87–101. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17876-9_6CrossRef

Chand, N., Mishra, P., Krishna, C.R., Pilli, E.S., Govil, M.C.: A comparative analysis of SVM and its stacking with other classification algorithm for intrusion detection. In: Proceedings - 2016 International Conference on Advances in Computing, Communication and Automation, ICACCA 2016, pp. 1–6 (2016)

Dedić, N., Stanier, C.: Towards differentiating business intelligence, big data, data analytics and knowledge discovery. In: Piazolo, F., Geist, V., Brehm, L., Schmidt, R. (eds.) ERP Future 2016. LNBIP, vol. 285, pp. 114–122. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58801-8_10CrossRef

Demertzis, K., Iliadis, L.: A hybrid network anomaly and intrusion detection approach based on evolving spiking neural network classification. In: Sideridis, A.B., Kardasiadou, Z., Yialouris, C.P., Zorkadis, V. (eds.) E-Democracy 2013. CCIS, vol. 441, pp. 11–23. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11710-2_2CrossRef

Demertzis, K., Iliadis, L.: Evolving computational intelligence system for malware detection. In: Iliadis, L., Papazoglou, M., Pohl, K. (eds.) CAiSE 2014. LNBIP, vol. 178, pp. 322–334. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07869-4_30CrossRef

Demertzis, K., Iliadis, L.: Evolving smart URL filter in a zone-based policy firewall for detecting algorithmically generated malicious domains. In: Gammerman, A., Vovk, V., Papadopoulos, H. (eds.) SLDS 2015. LNCS (LNAI), vol. 9047, pp. 223–233. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17091-6_17CrossRef

Demertzis, K., Iliadis, L.: A bio-inspired hybrid artificial intelligence framework for cyber security. In: Daras, N.J., Rassias, M.T. (eds.) Computation, Cryptography, and Network Security, pp. 161–193. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18275-9_7CrossRef

10.

Demertzis, K., Iliadis, L.: SAME: an intelligent anti-malware extension for android ART virtual machine. In: Núñez, M., Nguyen, N.T., Camacho, D., Trawiński, B. (eds.) ICCCI 2015. LNCS (LNAI), vol. 9330, pp. 235–245. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24306-1_23CrossRef

11.

Demertzis, K., Iliadis, L.: Bio-inspired hybrid intelligent method for detecting android malware. In: Kunifuji, S., Papadopoulos, G.A., Skulimowski, A.M.J., Kacprzyk, J. (eds.) Knowledge, Information and Creativity Support Systems. AISC, vol. 416, pp. 289–304. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-27478-2_20CrossRef

12.

Demertzis, K., Iliadis, L.: Ladon: a cyber-threat bio-inspired intelligence management system. J. Appl. Math. Bioinf. 6(3), 45–64 (2016)

13.

Demertzis, K., Iliadis, L., Spartalis, S.: A spiking one-class anomaly detection framework for cyber-security on industrial control systems. In: Boracchi, G., Iliadis, L., Jayne, C., Likas, A. (eds.) EANN 2017. CCIS, vol. 744, pp. 122–134. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65172-9_11CrossRef

14.

Demertzis, K., Iliadis, L., Anezakis, V.-D.: An innovative soft computing system for smart energy grids cybersecurity. Adv. Build. Energy Res. 12(1), 3–24 (2018)CrossRef

15.

Demertzis, K., Iliadis, L., Anezakis, V.D.: A deep spiking machine-hearing system for the case of invasive fish species. In: 2017 IEEE International Conference on Innovations in Intelligent Systems and Applications, pp. 23–28. ΙΕΕΕ (2017)

16.

Demertzis, K., Iliadis, L., Anezakis, V.-D.: Commentary: Aedes albopictus and Aedes japonicus—two invasive mosquito species with different temperature niches in Europe. Front. Environ. Sci. 5(DEC), 85 (2017)CrossRef

17.

Dietterich, Thomas G.: Ensemble methods in machine learning. In: Kittler, J., Roli, F. (eds.) MCS 2000. LNCS, vol. 1857, pp. 1–15. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45014-9_1CrossRef

18.

Farda, N.M.: Multi-temporal land use mapping of coastal wetlands area using machine learning in Google earth engine. In: 5th Geoinformation Science Symposium 2017, vol. 98, no. 1, pp. 1–12 (2017)CrossRef

19.

Gomes, H.M., et al.: Adaptive random forests for evolving data stream classification. Mach. Learn. 106(9–10), 1469–1495 (2017). https://doi.org/10.1007/s10994-017-5642-8MathSciNetCrossRefMATH

20.

Hurst, W., Merabti, M., Fergus, P.: A survey of critical infrastructure security. In: Butts, J., Shenoi, S. (eds.) ICCIP 2014. IAICT, vol. 441, pp. 127–138. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45355-1_9CrossRef

21.

Krawczyk, B., Minku, L.L., Gama, J., Stefanowski, J., Woźniak, M.: Ensemble learning for data stream analysis: a survey. Inf. Fus. 37, 132–156 (2017)CrossRef

22.

Krawczyk, B., Cano, A.: Online ensemble learning with abstaining classifiers for drifting and noisy data streams. Appl. Soft Comput. 68, 677–692 (2018)CrossRef

23.

Kuncheva, L.I.: Combining Pattern Classifiers: Methods and Algorithms, 1st edn. Wiley, Hoboken (2004). ISBN 0-471-21078-1CrossRef

24.

Kushner, H.J., Yin, G.G.: Stochastic Approximation and Recursive Algorithms and Applications. Stochastic Modeling and Applied Probability, vol. 35, 2nd edn. Springer, Heidelberg (2003). https://doi.org/10.1007/b97441CrossRefMATH

25.

Lin, J.: The Lambda and the Kappa. IEEE Internet Comput. 21(5), 60–66 (2017)CrossRef

26.

Liu, S.M., Liu, T., Wang, Z.Q., Xiu, Y., Liu, Y.X., Meng, C.: data stream ensemble classification based on classifier confidence. J. Appl. Sci. 35(2), 226–232 (2017)

27.

Losing, V., Hammer, B., Wersing, H.: KNN classifier with self-adjusting memory for heterogeneous concept drift. In: 16^th IEEE International Conference on Data Mining, vol. 7837853, pp. 291–300. IEEE (2017)

28.

Rani, M.S., Sumathy, S.: Analysis of KNN, C5.0 and one class SVM for intrusion detection system. Int. J. Pharm. Technol. 8(4), 26251–26259 (2016)

29.

Shalev-Shwartz, S., Singer, Y., Srebro, N., Cotter, A.: Pegasos: primal estimated sub-gradient solver for SVM. Math. Program. 127(1), 3–30 (2011)MathSciNetCrossRef

30.

Vinagre, J., Jorge, A.M., Gama, J.: Evaluation of recommender systems in streaming environments. In: Workshop on Recommender Systems Evaluation: Dimensions and Design, SV, US, pp. 1–6 (2014)

31.

Wang, C., Fang, L., Dai, Y.: A simulation environment for SCADA security analysis and assessment. In: Conference on Measuring Technology and Mechatronics Automation, vol. 1, pp. 342–347. IEEE (2010)

32.

Zhou, Z.H.: Ensemble Methods: Foundations and Algorithms. Chapman & Hall/CRC Machine Learning & Pattern Recognition Series, 1st edn. CRC Press, T&F, New York (2012)CrossRef

33.

Žliobaitė, I., Bifet, A., Read, J., Pfahringer, B., Holmes, G.: Evaluation methods and decision theory for classification of streaming data with temporal dependence. Mach. Learn. 98(3), 455–482 (2014)MathSciNetCrossRef

Title: A Dynamic Ensemble Learning Framework for Data Stream Analysis and Real-Time Threat Detection
Authors: Konstantinos Demertzis
Lazaros Iliadis
Vardis-Dimitris Anezakis
Publisher: Springer International Publishing
Book: Artificial Neural Networks and Machine Learning – ICANN 2018
Print ISBN: 978-3-030-01417-9

Electronic ISBN: 978-3-030-01418-6

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-030-01418-6_66

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner