A Method of Combining Multiple Experts for the Recognition of Unconstrained Handwritten Numerals
IEEE Transactions on Pattern Analysis and Machine Intelligence
Intrusion detection with neural networks
NIPS '97 Proceedings of the 1997 conference on Advances in neural information processing systems 10
A simple, fast, and effective rule learner
AAAI '99/IAAI '99 Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence
Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
NetSTAT: a network-based intrusion detection system
Journal of Computer Security
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
ACM Transactions on Information and System Security (TISSEC)
Difficulties in simulating the internet
IEEE/ACM Transactions on Networking (TON)
Fusion of multiple classifiers for intrusion detection in computer networks
Pattern Recognition Letters
A machine learning approach to detecting attacks by identifying anomalies in network traffic
A machine learning approach to detecting attacks by identifying anomalies in network traffic
Novelty detection: a review—part 2: neural network based approaches
Signal Processing
A study in using neural networks for anomaly and misuse detection
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A modular multiple classifier system for the detection of intrusions in computer networks
MCS'03 Proceedings of the 4th international conference on Multiple classifier systems
Training a neural-network based intrusion detector to recognize novel attacks
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Hi-index | 0.00 |
Pattern Recognition (PR) techniques have proven their ability for detecting malicious activities within network traffic. Systems based on multiple classifiers can further enforce detection capabilities by combining and correlating the results obtained by different sources. An aspect often disregarded in PR approaches dealing with the intrusion detection problem is the use of temporal information. Indeed, an attack is typically carried out along a set of consecutive network packets; therefore, a PR system could improve its reliability by examining sequences of network connections before expressing a decision. In this paper we present a system that uses a multiple classifier approach together with temporal information about the network packets to be classified. In order to improve classification reliability, we introduce the concept of rejection: instead of emitting an unreliable verdict, an ambiguously classified packet can be logged for further analysis. The proposed system has been tested on a wide database made up of real network traffic traces.