A decision-theoretic generalization of on-line learning and an application to boosting
Journal of Computer and System Sciences - Special issue: 26th annual ACM symposium on the theory of computing & STOC'94, May 23–25, 1994, and second annual Europe an conference on computational learning theory (EuroCOLT'95), March 13–15, 1995
Online ensemble learning
Fuzzy Online Risk Assessment for Distributed Intrusion Prediction and Prevention Systems
UKSIM '08 Proceedings of the Tenth International Conference on Computer Modeling and Simulation
Incremental estimation of discrete hidden Markov models based on a new backward procedure
AAAI'05 Proceedings of the 20th national conference on Artificial intelligence - Volume 2
Control theoretic approach to intrusion detection using a distributed hidden Markov model
IEEE Wireless Communications
AdaBoost-Based Algorithm for Network Intrusion Detection
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Recognition of visual speech elements using adaptively boosted hidden Markov models
IEEE Transactions on Circuits and Systems for Video Technology
ADMA'10 Proceedings of the 6th international conference on Advanced data mining and applications: Part I
Adaptive ROC-based ensembles of HMMs applied to anomaly detection
Pattern Recognition
Anomaly based intrusion detection using meta ensemble classifier
Proceedings of the Fifth International Conference on Security of Information and Networks
Hi-index | 0.00 |
Traditional Hidden Markov Model (HMM) has been successfully applied to anomaly intrusion detection. Incremental HMM (IHMM) further improves the training time of HMM. However, both HMM and IHMM still have the problem of high false positive rate. In this paper, we propose an Adaboost-IHMM to combine IHMM and adaboost for anomaly intrusion detection. As adaboost firstly uses many IHMMs to collectively classify samples then decides the results of samples' classifications, the Adaboost-IHMM can improve the accurate rate of classifications. Experimental results with Stide datasets show that the proposed method can significantly improve the false positive rate by 70% without decreasing detection rate. Besides, we also propose a method to adjust the normal profile for avoiding erroneous detection caused by changes of normal behavior. We perform with experiments with realistic datasets extracted from the use of popular browsers. Compared with traditional HMM method, our method can improve the training time by 90% to build a new normal profile.