
Network Intrusion Detection by a Multi-stage Classification System

  • Conference paper
Multiple Classifier Systems (MCS 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3077)

Abstract

A serial multi-stage classification system for intrusion detection in computer networks is proposed. The whole decision process is organized into successive stages, each one using a set of features tailored for recognizing a specific attack category. All the stages employ suitable criteria for estimating the reliability of the performed classification, so that, in case of uncertainty, information related to a possible attack is only logged for further processing, without raising an alert for the system manager. This reduces the number of false alarms.

The proposed multi-stage intrusion detection system has been tested on two different services (http and ftp) of a standard database used for benchmarking intrusion detection systems. The experimental analysis highlights the effectiveness of the approach: the proposed system behaves significantly better than other multi-expert systems performing classification in a single stage.
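An added illustration of the decision flow the abstract describes, not code from the paper: stages run in series, each on its own feature subset, and a decision judged unreliable is logged instead of raising an alert. The stage models, feature names, reliability measure, threshold and the choice to continue after an uncertain stage are all constructed assumptions.

```python
import math
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Conn = Dict[str, float]

def sigmoid(x: float) -> float:
    return 1.0 / (1.0 + math.exp(-x))

@dataclass
class Stage:
    category: str                  # attack category this stage looks for
    features: Tuple[str, ...]      # feature subset tailored to that category
    model: Callable[..., float]    # estimated P(attack) from those features
    min_reliability: float = 0.6   # assumed threshold; below it the stage is "uncertain"

    def decide(self, conn: Conn) -> Tuple[str, float]:
        p = self.model(*(conn[f] for f in self.features))
        reliability = abs(2.0 * p - 1.0)   # 0 = coin flip, 1 = fully confident
        if reliability < self.min_reliability:
            return "uncertain", reliability
        return ("attack" if p >= 0.5 else "normal"), reliability

def classify(conn: Conn, stages: List[Stage]) -> Tuple[str, List[str]]:
    """Run the stages in series; verdict is ALERT, LOG or NORMAL."""
    log: List[str] = []
    for st in stages:
        outcome, rel = st.decide(conn)
        if outcome == "attack":    # reliable detection: alert and stop
            return "ALERT", log + [f"{st.category}: reliable attack (r={rel:.2f})"]
        if outcome == "uncertain":  # possible attack: keep a record, no alert
            log.append(f"{st.category}: uncertain (r={rel:.2f}), kept for later analysis")
    return ("LOG" if log else "NORMAL"), log

# Constructed stage models and feature names (hypothetical, not the paper's).
STAGES = [
    Stage("dos", ("conn_rate",), lambda r: sigmoid(0.05 * (r - 100))),
    Stage("probe", ("distinct_ports",), lambda n: sigmoid(0.4 * (n - 10))),
    Stage("login", ("failed_logins", "is_guest"), lambda f, g: sigmoid(1.2 * f + g - 3)),
]
# Constructed connection records.
SAMPLES = {
    "flood": {"conn_rate": 400, "distinct_ports": 1, "failed_logins": 0, "is_guest": 0},
    "borderline": {"conn_rate": 10, "distinct_ports": 11, "failed_logins": 0, "is_guest": 0},
    "benign": {"conn_rate": 5, "distinct_ports": 2, "failed_logins": 0, "is_guest": 0},
}

if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        print(name, *classify(conn, STAGES))
```

The "borderline" record scores about 0.60 in the probe stage, so a plain 0.5 cut-off would have alerted on it; with the reliability check it is only logged.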

This work has been partially supported by the Ministero dell’Istruzione, dell’Università e della Ricerca (MIUR) in the framework of the FIRB Project “Middleware for advanced services over large-scale, wired-wireless distributed systems (WEB-MINDS)”.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cordella, L.P., Limongiello, A., Sansone, C. (2004). Network Intrusion Detection by a Multi-stage Classification System. In: Roli, F., Kittler, J., Windeatt, T. (eds) Multiple Classifier Systems. MCS 2004. Lecture Notes in Computer Science, vol 3077. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25966-4_32


  • DOI: https://doi.org/10.1007/978-3-540-25966-4_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22144-9

  • Online ISBN: 978-3-540-25966-4

  • eBook Packages: Springer Book Archive
