Remember Me
Or use your Academic/Social account:


Or use your Academic/Social account:


You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.


Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message


Verify Password:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Weiming, H.; Jun, G.; Yanguo, W.; Ou, W.; Maybank, Stephen (2014)
Publisher: IEEE Computer Society
Languages: English
Types: Article
Subjects: csis

Classified by OpenAIRE into

ACM Ref: ComputingMethodologies_PATTERNRECOGNITION
Current network intrusion detection systems lack\ud adaptability to the frequently changing network environments.\ud Furthermore, intrusion detection in the new distributed archi-\ud tectures is now a major requirement. In this paper, we propose\ud two online Adaboost-based intrusion detection algorithms. In the\ud first algorithm, a traditional online Adaboost process is used\ud where decision stumps are used as weak classifiers. In the second\ud algorithm, an improved online Adaboost process is proposed,\ud and online Gaussian mixture models (GMMs) are used as weak\ud classifiers. We further propose a distributed intrusion detection\ud framework, in which a local parameterized detection model is\ud constructed in each node using the online Adaboost algorithm. A\ud global detection model is constructed in each node by combining\ud the local parametric models using a small number of samples in\ud the node. This combination is achieved using an algorithm based\ud on particle swarm optimization (PSO) and support vector ma-\ud chines. The global model in each node is used to detect intrusions.\ud Experimental results show that the improved online Adaboost\ud process with GMMs obtains a higher detection rate and a lower\ud false alarm rate than the traditional online Adaboost process that\ud uses decision stumps. Both the algorithms outperform existing\ud intrusion detection algorithms. It is also shown that our PSO,\ud and SVM-based algorithm effectively combines the local detection\ud models into the global model in each node; the global model in\ud a node can handle the intrusion types that are found in other\ud nodes, without sharing the samples of these intrusion types.
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • [1] D. Denning, “An intrusion detection model,” IEEE Trans. on Software Engineering, vol. SE-13, no. 2, pp. 222-232, Feb. 1987.
    • [2] J.B.D. Caberera, B. Ravichandran, and R.K. Mehra, “Statistical traffic modeling for network intrusion detection,” in Proc. of Modeling, Analysis and Simulation of Computer and Telecommunication Systems, pp. 466-473, 2000
    • [3] W. Lee, S.J. Stolfo, and K. Mork, “A data mining framework for building intrusion detection models,” in Proc. of IEEE Symposium on Security Privacy, pp. 120-132, May 1999.
    • [4] M.E. Otey, A. Ghoting, and S. Parthasarathy, “Fast distributed outlier detection in mixed-attribute data sets,” Data Ming and Knowledge Discovery, vol. 12, no. 2-3, pp. 203-228, May 2006.
    • [5] H.G. Kayacik, A.N. Zincir-heywood, and M.T. Heywood, “On the capability of an SOM based intrusion detection system,” in Proc. of International Joint Conference on Neural Networks, vol. 3, pp. 1808-1813, July 2003.
    • [6] P.Z. Hu and M.I. Heywood, “Predicting intrusions with local linear model,” in Proc. of International Joint Conference on Neural Networks, vol. 3, pp. 1780-1785, July 2003.
    • [7] Z. Zhang and H. Shen, “Online training of SVMs for real-time intrusion detection,” in Proc. of Advanced Information Networking and Applications, vol. 2, pp. 568-573, 2004.
    • [8] H. Lee, Y. Chung, and D. Park, “An adaptive intrusion detection algorithm based on clustering and kernel-method,” in Proc .of International Conference on Advanced information Networking and Application, pp.603-610, 2004.
    • [9] W. Lee and S.J. Stolfo, “A framework for constructing features and models for intrusion detection systems,” ACM Transactions on Information an System Security, vol. 3, no. 4, pp. 227-261, Nov. 2000.
    • [10] A. Fern and R. Givan, “Online ensemble learning: an empirical study,” in Proc. of International Conference on Machine Learning, pp. 279-286, 2000.
    • [11] J. Kittler, M. Hatef, R.P.W. Duin, and J. Matas. “On combining classifiers,” IEEE Trans. on Pattern Analysis and Machine Intelligence, vol. 20, no.3, pp. 226-238, March 1998.
    • [12] J. Kennedy, “Particle swarm optimization,” in Proc. of IEEE International Conference on Neural Networks, Perth, pp. 1942-1948, 1995.
    • [13] Y. Shi and R.C. Eberhart, “A modified particle swarm optimizer,” in Proc. of IEEE International Conference on Evolutionary Computation, Anchorage, USA, pp.69-73, 1998.
    • [14] S. Stofo et al. “The third international knowledge discovery and data mining tools competition,” The University of California. 2002. Available: http://kdd.ics.uci.edu/databases/kddCup99/kddCup99.h-tml. mining using genetic network programming,” IEEE Trans. on Systems, Man, and Cybernetics, Part C: Applications and Reviews, vol. 41, no. 1, pp. 130-139, Jan. 2011.
    • [50] S.T. Brugger and J. Chow, “An assessment of the DARPA IDS evaluation dataset using Snort,” Technical Report CSE-2007-1, University of California, Jan. 2007.
    • [51] S. Panigrahi and S. Sural, “Detection of database intrusion using a two-stage fuzzy system,” Information Security, Lecture Notes in Computer Science, vol. 5735, pp. 107-120, 2009.
    • [52] D. Smallwood and A. Vance, “Intrusion analysis with deep packet inspection: increasing efficiency of packet based investigations,” in Proc. of International Conference on Cloud and Service Computing, pp. 342-347, Dec. 2011.
    • [53] S. Mabu, C. Chen, N. Lu, K. Shimada, and K. Hirasawa, “An intrusion-detection model based on fuzzy class-association-rule mining using genetic network programming,” IEEE Trans. on Systems, Man, and Cybernetics. Part C: Applications and Reviews, vol. 41, no. 1, pp. 130-139, Jan. 2011.
    • [54] C. Otte and C. Stormann, “Improving the accuracy of network intrusion detectors by input-dependent stacking,” Integrated Computer-Aided Engineering, vol. 18, pp. 291-297, 2011.
    • [55] K.-C. Khor, C.-Y. Ting, S. Phon-Amnuaisuk, “A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection,” Applied Intelligence, vol. 36, pp. 320-329, 2012.
    • [56] B. Zhang, “A heuristic genetic neural network for intrusion detection,” in Proc. of International Conference on Internet Computing and Information Services, pp. 510-513, Sept. 2011.
    • [57] C.-F. Tsai, J.-H. Tsai, and J.-S. Chou, “Centroid-based nearest neighbor feature representation for e-government intrusion detection,” in Proc. of World Telecommunications Congress, pp. 1-6, March 2012.
    • [58] J. Gao, W. Hu, X. Zhang, and X. Li, “Adaptive distributed intrusion detection using parametric model,” in Proc. of IEEE/WIC/ACM International Joint Conferences on Web Intelligence and Intelligent Agent Technologies, vol. 1, pp. 675-678, Sept. 2009.
    • [59] P. Prasenna, A.V.T. RaghavRamana, R. KrishnaKumar, and A. Devanbu, “Network programming and mining classifier for intrusion detection using probability classification,” in Proc. of the International Conference on Pattern Recognition, Informatics and Medical Engineering, pp. 204-209, March 2012.
    • [60] K. Rieck, “Machine learning for application-layer intrusion detection,” Dissertation, Fraunhofer Institute FIRST & Berlin Institute of Technology, Berlin Germany, 2009.
  • No related research data.
  • No similar publications.

Share - Bookmark

Cite this article