Abstract
Security incident tracking systems receive a continuous, unlimited inflow of observations, where in the typical case the most recent ones are the most important. These data flows and characterized by high volatility. Their characteristics can change drastically over time in an unpredictable way, differentiating their typical normal behavior. In most cases it is not possible to store all of the historical samples, since their volume is unlimited. This fact requires the extraction of real-time knowledge over a subset of the flow, which contains a small but recent percentage of all observations. This creates serious objections to the accuracy and reliability of the employed classifiers. The research described herein, uses a Dynamic Ensemble Learning (DYENL) approach for Data Stream Analysis (DELDaStrA) which is employed in RealTime Threat Detection systems. More specifically, it proposes a DYENL model that uses the “Kappa” architecture to perform analysis of data flows. The DELDaStrA is based on the hybrid combination of k Nearest Neighbor (kNN) Classifiers, with Adaptive Random Forest (ARF) and Primal Estimated SubGradient Solver for Support Vector Machines (SVM) (SPegasos). In fact, it performs a dynamic extraction of the weighted average of the three results, to maximize the classification accuracy.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Ahmim, A., Ghoualmi-Zine, N.: A new adaptive intrusion detection system based on the intersection of two different classifiers. Int. J. Secur. Netw. 9(3), 125–132 (2014)
Aretz, K., Bartram, S.M., Pope, P.F.: Asymmetric loss functions and the rationality of expected stock returns. Int. J. Forecast. 27(2), 413–437 (2011)
Brzezinski, D., Stefanowski, J.: Prequential AUC for classifier evaluation and drift detection in evolving data streams. In: Appice, A., Ceci, M., Loglisci, C., Manco, G., Masciari, E., Ras, Z.W. (eds.) NFMCP 2014. LNCS (LNAI), vol. 8983, pp. 87–101. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17876-9_6
Chand, N., Mishra, P., Krishna, C.R., Pilli, E.S., Govil, M.C.: A comparative analysis of SVM and its stacking with other classification algorithm for intrusion detection. In: Proceedings - 2016 International Conference on Advances in Computing, Communication and Automation, ICACCA 2016, pp. 1–6 (2016)
Dedić, N., Stanier, C.: Towards differentiating business intelligence, big data, data analytics and knowledge discovery. In: Piazolo, F., Geist, V., Brehm, L., Schmidt, R. (eds.) ERP Future 2016. LNBIP, vol. 285, pp. 114–122. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58801-8_10
Demertzis, K., Iliadis, L.: A hybrid network anomaly and intrusion detection approach based on evolving spiking neural network classification. In: Sideridis, A.B., Kardasiadou, Z., Yialouris, C.P., Zorkadis, V. (eds.) E-Democracy 2013. CCIS, vol. 441, pp. 11–23. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11710-2_2
Demertzis, K., Iliadis, L.: Evolving computational intelligence system for malware detection. In: Iliadis, L., Papazoglou, M., Pohl, K. (eds.) CAiSE 2014. LNBIP, vol. 178, pp. 322–334. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07869-4_30
Demertzis, K., Iliadis, L.: Evolving smart URL filter in a zone-based policy firewall for detecting algorithmically generated malicious domains. In: Gammerman, A., Vovk, V., Papadopoulos, H. (eds.) SLDS 2015. LNCS (LNAI), vol. 9047, pp. 223–233. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17091-6_17
Demertzis, K., Iliadis, L.: A bio-inspired hybrid artificial intelligence framework for cyber security. In: Daras, N.J., Rassias, M.T. (eds.) Computation, Cryptography, and Network Security, pp. 161–193. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18275-9_7
Demertzis, K., Iliadis, L.: SAME: an intelligent anti-malware extension for android ART virtual machine. In: Núñez, M., Nguyen, N.T., Camacho, D., Trawiński, B. (eds.) ICCCI 2015. LNCS (LNAI), vol. 9330, pp. 235–245. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24306-1_23
Demertzis, K., Iliadis, L.: Bio-inspired hybrid intelligent method for detecting android malware. In: Kunifuji, S., Papadopoulos, G.A., Skulimowski, A.M.J., Kacprzyk, J. (eds.) Knowledge, Information and Creativity Support Systems. AISC, vol. 416, pp. 289–304. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-27478-2_20
Demertzis, K., Iliadis, L.: Ladon: a cyber-threat bio-inspired intelligence management system. J. Appl. Math. Bioinf. 6(3), 45–64 (2016)
Demertzis, K., Iliadis, L., Spartalis, S.: A spiking one-class anomaly detection framework for cyber-security on industrial control systems. In: Boracchi, G., Iliadis, L., Jayne, C., Likas, A. (eds.) EANN 2017. CCIS, vol. 744, pp. 122–134. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65172-9_11
Demertzis, K., Iliadis, L., Anezakis, V.-D.: An innovative soft computing system for smart energy grids cybersecurity. Adv. Build. Energy Res. 12(1), 3–24 (2018)
Demertzis, K., Iliadis, L., Anezakis, V.D.: A deep spiking machine-hearing system for the case of invasive fish species. In: 2017 IEEE International Conference on Innovations in Intelligent Systems and Applications, pp. 23–28. ΙΕΕΕ (2017)
Demertzis, K., Iliadis, L., Anezakis, V.-D.: Commentary: Aedes albopictus and Aedes japonicus—two invasive mosquito species with different temperature niches in Europe. Front. Environ. Sci. 5(DEC), 85 (2017)
Dietterich, Thomas G.: Ensemble methods in machine learning. In: Kittler, J., Roli, F. (eds.) MCS 2000. LNCS, vol. 1857, pp. 1–15. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45014-9_1
Farda, N.M.: Multi-temporal land use mapping of coastal wetlands area using machine learning in Google earth engine. In: 5th Geoinformation Science Symposium 2017, vol. 98, no. 1, pp. 1–12 (2017)
Gomes, H.M., et al.: Adaptive random forests for evolving data stream classification. Mach. Learn. 106(9–10), 1469–1495 (2017). https://doi.org/10.1007/s10994-017-5642-8
Hurst, W., Merabti, M., Fergus, P.: A survey of critical infrastructure security. In: Butts, J., Shenoi, S. (eds.) ICCIP 2014. IAICT, vol. 441, pp. 127–138. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45355-1_9
Krawczyk, B., Minku, L.L., Gama, J., Stefanowski, J., Woźniak, M.: Ensemble learning for data stream analysis: a survey. Inf. Fus. 37, 132–156 (2017)
Krawczyk, B., Cano, A.: Online ensemble learning with abstaining classifiers for drifting and noisy data streams. Appl. Soft Comput. 68, 677–692 (2018)
Kuncheva, L.I.: Combining Pattern Classifiers: Methods and Algorithms, 1st edn. Wiley, Hoboken (2004). ISBN 0-471-21078-1
Kushner, H.J., Yin, G.G.: Stochastic Approximation and Recursive Algorithms and Applications. Stochastic Modeling and Applied Probability, vol. 35, 2nd edn. Springer, Heidelberg (2003). https://doi.org/10.1007/b97441
Lin, J.: The Lambda and the Kappa. IEEE Internet Comput. 21(5), 60–66 (2017)
Liu, S.M., Liu, T., Wang, Z.Q., Xiu, Y., Liu, Y.X., Meng, C.: data stream ensemble classification based on classifier confidence. J. Appl. Sci. 35(2), 226–232 (2017)
Losing, V., Hammer, B., Wersing, H.: KNN classifier with self-adjusting memory for heterogeneous concept drift. In: 16th IEEE International Conference on Data Mining, vol. 7837853, pp. 291–300. IEEE (2017)
Rani, M.S., Sumathy, S.: Analysis of KNN, C5.0 and one class SVM for intrusion detection system. Int. J. Pharm. Technol. 8(4), 26251–26259 (2016)
Shalev-Shwartz, S., Singer, Y., Srebro, N., Cotter, A.: Pegasos: primal estimated sub-gradient solver for SVM. Math. Program. 127(1), 3–30 (2011)
Vinagre, J., Jorge, A.M., Gama, J.: Evaluation of recommender systems in streaming environments. In: Workshop on Recommender Systems Evaluation: Dimensions and Design, SV, US, pp. 1–6 (2014)
Wang, C., Fang, L., Dai, Y.: A simulation environment for SCADA security analysis and assessment. In: Conference on Measuring Technology and Mechatronics Automation, vol. 1, pp. 342–347. IEEE (2010)
Zhou, Z.H.: Ensemble Methods: Foundations and Algorithms. Chapman & Hall/CRC Machine Learning & Pattern Recognition Series, 1st edn. CRC Press, T&F, New York (2012)
Žliobaitė, I., Bifet, A., Read, J., Pfahringer, B., Holmes, G.: Evaluation methods and decision theory for classification of streaming data with temporal dependence. Mach. Learn. 98(3), 455–482 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Demertzis, K., Iliadis, L., Anezakis, VD. (2018). A Dynamic Ensemble Learning Framework for Data Stream Analysis and Real-Time Threat Detection. In: Kůrková, V., Manolopoulos, Y., Hammer, B., Iliadis, L., Maglogiannis, I. (eds) Artificial Neural Networks and Machine Learning – ICANN 2018. ICANN 2018. Lecture Notes in Computer Science(), vol 11139. Springer, Cham. https://doi.org/10.1007/978-3-030-01418-6_66
Download citation
DOI: https://doi.org/10.1007/978-3-030-01418-6_66
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01417-9
Online ISBN: 978-3-030-01418-6
eBook Packages: Computer ScienceComputer Science (R0)