Abstract
With the rapid increase in connectivity and accessibility of computer systems over the internet which has resulted in frequent opportunities for intrusions and attacks, intrusion detection on the network has become a crucial issue for computer system security. Methods based on hand-coded rule sets are laborous to build and not very reliable. This problem has led to an increasing interest in intrusion detection techniques based upon machine learning or data mining. However, traditional data mining based intrusion detection systems use single classifier in their detection engines. In this paper, we propose a meta learning based method for intrusion detection by MultiBoosting multi classifiers. MultiBoosting can form decision committees by combining AdaBoost with wagging. It is able to harness both AdaBoost’s high bias and variance reduction with wagging’s superior variance reduction. Experiments results show that MultiBoosting can improve the detection performance of state-of-art machine learning based intrusion detection techniques. Furthermore, we present a Symmetrical Uncertainty (SU) based method for reducing network connection features to make MultiBoosting more efficient in real-time network environment, in the meanwhile, keep the detection performance unundermined and in some cases, even further improved.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Schneider, K.-M.: Comparison of Event Models for Naive Bayes Anti-Spam E-Mail Filtering. In: Proceedings of the 10th Conference of the European Chapter of the Association for Computational Linguistics, Budapest, Hungary, pp. 307–314 (April 2003)
Quinlan, R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, San Mateo, CA (1993)
Witten, I., Frank, E.: Data Mining –Practical Machine Learning Tools and Techniques with Java Implementation. Morgan Kaufmann, San Francisco (2000)
Zhang, Z., Shen, H.: Online Training of SVMs for Real-time Intrusion Detection. In: AINA’04. 18th International Conference on Advanced Information Networking and Applications, p. 568 (2004)
Geoffrey, I.: Webb: MultiBoosting: A Technique for Combining Boosting and Wagging. Machine Learning 40(2), 159–196 (2000)
BenAmor, N., Benferhat, S., ElOuedi, Z.: Naive Bayes vs Decision Trees in Intrusion Detection Systems. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, Springer, Heidelberg (2004)
Ganchev, T., Zervas, P., Fakotakis, N., Kokkinakis, G.: Benchmarking Feature Selection Techniques on the Speaker Verification Task. In: 5th International Symposium on Communication Systems, Network and Digital Signal Processing (July 19-21, 2006)
Hall, M.A., Smith, L.A.: Practical feature subset selection for machine learning. In: Proceedings of the 21st Australian Computer Science Conference, pp. 181–191 (1998)
Stolfo, S., Fan, W., Lee, W., Prodromidis, A., Chan, P.: Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project. In: DISCEX ’00. Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (2000)
KDDCUP99 Dataset Task Description (Accessed 2006), http://kdd.ics.uci.edu/databases/kddcup99/task.html
KDDCUP99 Network Intrusion Detection Benchmark Dataset (Accessed 2006), http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
Sinclair, S.M.C., Pierce, L.: An Application of Machine Learning to Network Intrusion Detection. In: Proceedings of the 15th Annual Computer Security Applications Conference, Phoenix, AZ, USA, pp. 371–377 (1999)
Kim, B.-J., Kim II, K.: Two-Tier Based Intrusion Detection System. In: Wang, L., Jin, Y. (eds.) FSKD 2005. LNCS (LNAI), vol. 3614, pp. 27–29. Springer, Heidelberg (2005)
Sabhnani, M., Serpen, G.: Application of Machine Learning Algorithms to KDD Intrusion Detection Dataset within Misuse Detection Context. In: MLMTA03. Proceedings of the International Conference on Machine Learning, Models, Technologies and Applications, Las Vegas, NV, pp. 209–215 (June 2003)
Hu, W., Liao, Y., Vemuri, V R.: Robust Support Vector Machines for Anomaly Detection in Computer Security. In: Proceedings of Conference on Machine Learining and Application (2003)
Lee, C.-C., Chung, P.-C., Tsai, J.-R., Chang, C.-I: Robust Radial Basis Function Neural Networks. IEEE Transactions on Systems, Man, and Cybernetics-Part B: Cybernetics 29(6) (1999)
Wang, H., et al.: Clustering by Pattern Similarity in Large Data sets. In: SIGMOD, pp. 394–405 (2002)
Guo, G., Li, S.Z., Chan, K.: Face Recognition by Support Vector Machines. In: Fourth IEEE International Conference on Automatic Face and Gesture Recognition, pp. 196–201. IEEE Computer Society Press, Los Alamitos (2000)
Vapnik, V.N.: Statistical learning theory. In: Adaptive and learning systems for signal processing, communications, and control, Wiley, New York (1998)
Anderson, J.P.: Computer security threat monitoring and surveillance. Technical Report, James P Anderson Co. Fort Washington, PA (April 1980)
Denning, D.E.: An intrusion-detection model. IEEE Transactions on Software Engineering SE-13(2), 222–232 (1987)
Nguyen, B.V.: An Application of Support Vector Machines to Anomaly Detection. Research in Computer Science - Support Vector Machine, report, Fall (2002)
Vigna, G., Kemmerer, R.: Netstat: a network based intrusion detection system. Journal of Computer Security 7(1) (1999)
Symantec.com: Symantec internet security threat report highlights rise in threats to confidential information. (Accessed 2006), Available at http://www.symantec.com/press/2005/n050321.html
Sung, A., Mukkamala, S.: Identifying important features for intrusion detection using support vector machines and neural networks. In: Symposium on Applications and the Internet, pp. 209–216 (2003)
Kendall, K.: A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems. Master’s Thesis, Massachusetts Institute of Technology (1998)
Jin, X., Huang, R., Bie, R.: Detecting Network Attacks via Improved Iterative Scaling. In: INDIN07. Proceedings of the 5th IEEE International Conference on Industrial Informatics, Vienna, Austria, July 23-26 (2007)
Kim, D.S., Park, J.S.: Network-Based Intrusion Detection with Support Vector Machines. In: Kahng, H.-K. (ed.) ICOIN 2003. LNCS, vol. 2662, pp. 747–756. Springer, Heidelberg (2003)
Kaplantzis, S., Mani, N.: A Study on Classification Techniques for Network Intrusion Detection. In: NCS06. Proceedings of the IASTED International Conference on Networks and Communication Systems (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bie, R., Jin, X., Chen, C., Xu, C., Huang, R. (2007). Meta Learning Intrusion Detection in Real Time Network. In: de Sá, J.M., Alexandre, L.A., Duch, W., Mandic, D. (eds) Artificial Neural Networks – ICANN 2007. ICANN 2007. Lecture Notes in Computer Science, vol 4668. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74690-4_82
Download citation
DOI: https://doi.org/10.1007/978-3-540-74690-4_82
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74689-8
Online ISBN: 978-3-540-74690-4
eBook Packages: Computer ScienceComputer Science (R0)