A Classifier Ensemble Approach to Intrusion Detection for Network-Initiated Attacks

Authors:
Stefanos Koutsoutos;Ioannis T. Christou;Sofoklis Efremidis
Affiliations:
Athens Information Technology, 19.5km Markopoulou Ave. Paiania 19002 Greece skou@ait.edu.gr;Athens Information Technology, 19.5km Markopoulou Ave. Paiania 19002 Greece ichr@ait.edu.gr;INTRACOM S.A. Telecom Solutions, 19
Venue:
Proceedings of the 2007 conference on Emerging Artificial Intelligence Applications in Computer Engineering: Real Word AI Systems with Applications in eHealth, HCI, Information Retrieval and Pervasive Technologies
Year:
2007

Citing 10
Cited 2

C4.5: programs for machine learning

C4.5: programs for machine learning
Neural network fundamentals with graphs, algorithms, and applications

Neural network fundamentals with graphs, algorithms, and applications
A simple, fast, and effective rule learner

AAAI '99/IAAI '99 Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence
Computational Explorations in Cognitive Neuroscience: Understanding the Mind by Simulating the Brain

Computational Explorations in Cognitive Neuroscience: Understanding the Mind by Simulating the Brain
Learning Program Behavior Profiles for Intrusion Detection

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
USTAT: A Real-Time Intrusion Detection System for UNIX

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Learning Rules for Anomaly Detection of Hostile Network Traffic

ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
Combining Pattern Classifiers: Methods and Algorithms

Combining Pattern Classifiers: Methods and Algorithms
Selection, combination, and evaluation of effective software sensors for detecting abnormal computer usage

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
K-Means+ID3: A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods

IEEE Transactions on Knowledge and Data Engineering

Detecting fraud in online games of chance and lotteries

Expert Systems with Applications: An International Journal
Decision tree based light weight intrusion detection using a wrapper approach

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a classifier ensemble system using a combination of Neural Networks and rule-based systems as base classifiers that is capable of detecting network-initiated intrusion attacks on web servers. The system can recognize novel attacks (i.e., attacks it has never seen before) and categorize them as such. The performance of the Neural Network in detecting attacks from network data alone is very good with success rates of more than 78% in recognizing new attacks but suffers from high false alarms rates. An ensemble combining the original ANN with a second component that monitors the server's system calls for detecting unusual activity results in high prediction accuracy with very small false alarm rates. We experiment with a variety of ensemble classifiers and decision making schemes for final classification. We report on the results we got from our approach and future directions for this research