A Dynamic Ensemble Learning Framework for Data Stream Analysis and Real-Time Threat Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 11139))

Abstract

Security incident tracking systems receive a continuous, unlimited inflow of observations, where in the typical case the most recent ones are the most important. These data flows are characterized by high volatility: their characteristics can change drastically over time in an unpredictable way, diverging from their typical normal behavior. In most cases it is not possible to store all of the historical samples, since their volume is unlimited. This fact requires the extraction of real-time knowledge over a subset of the flow, which contains a small but recent percentage of all observations. This raises serious concerns about the accuracy and reliability of the employed classifiers. The research described herein uses a Dynamic Ensemble Learning (DYENL) approach for Data Stream Analysis (DELDaStrA), which is employed in Real-Time Threat Detection systems. More specifically, it proposes a DYENL model that uses the “Kappa” architecture to perform analysis of data flows. The DELDaStrA is based on the hybrid combination of k Nearest Neighbor (kNN) classifiers with Adaptive Random Forest (ARF) and the Primal Estimated Sub-Gradient Solver for Support Vector Machines (SVM) (SPegasos). In fact, it performs a dynamic extraction of the weighted average of the three results, to maximize the classification accuracy.
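The dynamic weighted combination sketched in the abstract, as an added example that is not the paper's code: a sliding-window kNN and a Pegasos linear SVM (two of the three members named above; the Adaptive Random Forest member is omitted for length) are combined by weights taken from each learner's prequential accuracy over the most recent samples, in a single test-then-train pass over a constructed two-dimensional stream with an abrupt concept drift halfway through. The window size, accuracy horizon, stream length and drift point are assumptions.

```python
import random
from collections import deque

class WindowKNN:
    """kNN over a sliding window that keeps only the most recent samples."""
    def __init__(self, k=5, window=100):
        self.k, self.buf = k, deque(maxlen=window)
    def partial_fit(self, x, y):
        self.buf.append((x, y))
    def predict(self, x):
        near = sorted(self.buf, key=lambda s: sum((a - b) ** 2 for a, b in zip(s[0], x)))[:self.k]
        return 1 if sum(y for _, y in near) >= 0 else -1

class Pegasos:
    """Linear SVM trained by the Pegasos primal sub-gradient step, one sample at a time."""
    def __init__(self, dim, lam=0.01):
        self.w, self.lam, self.t = [0.0] * dim, lam, 0
    def partial_fit(self, x, y):
        self.t += 1
        eta = 1.0 / (self.lam * self.t)              # Pegasos step size 1/(lambda*t)
        hinge = y * sum(wi * xi for wi, xi in zip(self.w, x)) < 1  # margin violated?
        self.w = [(1 - eta * self.lam) * wi + (eta * y * xi if hinge else 0.0)
                  for wi, xi in zip(self.w, x)]
    def predict(self, x):
        return 1 if sum(wi * xi for wi, xi in zip(self.w, x)) >= 0 else -1

class DynamicEnsemble:
    """Weighted vote; each weight is the learner's prequential accuracy over the last `horizon` samples."""
    def __init__(self, learners, horizon=50):
        self.learners, self.hits = learners, [deque(maxlen=horizon) for _ in learners]
    def predict(self, x):
        votes = [m.predict(x) for m in self.learners]
        weights = [(sum(h) + 1) / (len(h) + 2) for h in self.hits]   # Laplace-smoothed accuracy
        return (1 if sum(w * v for w, v in zip(weights, votes)) >= 0 else -1), votes
    def learn(self, votes, x, y):  # test-then-train: score each vote on the true label, then update
        for m, h, v in zip(self.learners, self.hits, votes):
            h.append(1 if v == y else 0)
            m.partial_fit(x, y)

def run_stream(n=400, seed=7, drift=True):
    """Constructed 2-D stream, label = sign(x0), abruptly inverted at n//2; returns prequential accuracy."""
    rng, ens, correct = random.Random(seed), DynamicEnsemble([WindowKNN(), Pegasos(2)]), 0
    for i in range(n):
        x = (rng.uniform(-1, 1), rng.uniform(-1, 1))
        y = (1 if x[0] > 0 else -1) * (-1 if drift and i >= n // 2 else 1)  # concept drift halfway
        pred, votes = ens.predict(x)       # predict before the label is revealed
        correct += pred == y
        ens.learn(votes, x, y)             # then learn from the labelled sample
    return correct / n
```

Because the weights are recomputed from a short accuracy horizon, the member that recovers from the drift first (here the SVM, whose sub-gradient steps re-orient it within a few samples) takes over the vote until the window-bound kNN has flushed the stale samples.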



Corresponding author

Correspondence to Vardis-Dimitris Anezakis .

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Demertzis, K., Iliadis, L., Anezakis, V.-D. (2018). A Dynamic Ensemble Learning Framework for Data Stream Analysis and Real-Time Threat Detection. In: Kůrková, V., Manolopoulos, Y., Hammer, B., Iliadis, L., Maglogiannis, I. (eds.) Artificial Neural Networks and Machine Learning – ICANN 2018. Lecture Notes in Computer Science, vol. 11139. Springer, Cham. https://doi.org/10.1007/978-3-030-01418-6_66

  • DOI: https://doi.org/10.1007/978-3-030-01418-6_66

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01417-9

  • Online ISBN: 978-3-030-01418-6
