Testing ensembles for intrusion detection: On the identification of mutated network scans

Authors:
Silvia González;Javier Sedano;Álvaro Herrero;Bruno Baruque;Emilio Corchado
Affiliations:
Instituto Tecnológico de Castilla y León, Burgos, Spain;Instituto Tecnológico de Castilla y León, Burgos, Spain;Department of Civil Engineering, University of Burgos, Spain, Burgos, Spain;Department of Civil Engineering, University of Burgos, Spain, Burgos, Spain;Departamento de Informática y Automática, Universidad de Salamanca, Salamanca, Spain
Venue:
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Year:
2011

Citing 20
Cited 0

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Bagging predictors

Machine Learning
Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint

Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint
Random Forests

Machine Learning
How to Make Stacking Better and Faster While Also Taking Care of an Unknown Weakness

ICML '02 Proceedings of the Nineteenth International Conference on Machine Learning
Fusion of multiple classifiers for intrusion detection in computer networks

Pattern Recognition Letters
Reducing multiclass to binary: a unifying approach for margin classifiers

The Journal of Machine Learning Research
Combining diverse neural nets

The Knowledge Engineering Review
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Intrusion detection using hierarchical neural networks

Pattern Recognition Letters
Fast learning in networks of locally-tuned processing units

Neural Computation
Intrusion detection using fuzzy association rules

Applied Soft Computing
Review: Intrusion detection by machine learning: A review

Expert Systems with Applications: An International Journal
Neural projection techniques for the visual inspection of network traffic

Neurocomputing
DSS for computer security incident response applying CBR and collaborative response

Expert Systems with Applications: An International Journal
The WEKA data mining software: an update

ACM SIGKDD Explorations Newsletter
Neural visualization of network traffic data for intrusion detection

Applied Soft Computing
Detecting compounded anomalous SNMP situations using cooperative unsupervised pattern recognition

ICANN'05 Proceedings of the 15th international conference on Artificial neural networks: formal models and their applications - Volume Part II
Testing CAB-IDS through mutations: on the identification of network scans

KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
Hierarchical Kohonenen net for anomaly detection in network security

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Quantified Score

Hi-index	0.00

Visualization

Abstract

In last decades there have been many proposals from the machine learning community in the intrusion detection field. One of the main problems that Intrusion Detection Systems (IDSs) - mainly anomaly-based ones - have to face are those attacks not previously seen (zero-day attacks). This paper proposes a mutation technique to test and evaluate the performance of several classifier ensembles incorporated to network-based IDSs when tackling the task of recognizing such attacks. The technique applies mutant operators that randomly modifies the features of the captured packets to generate situations that otherwise could not be provided to learning IDSs. As an example application for the proposed testing model, it has been specially applied to the identification of network scans and related mutations.