Incremental Hybrid Intrusion Detection Using Ensemble of Weak Classifiers

  • Conference paper
Advances in Computer Science and Engineering (CSICC 2008)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 6)

Abstract

In this paper, an incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. It can learn new classes of intrusions that do not exist in the training dataset for incremental misuse detection. As the framework has low computational complexity, it is suitable for real-time or on-line learning. Experimental evaluations on the KDD Cup dataset are also presented.

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rasoulifard, A., Ghaemi Bafghi, A., Kahani, M. (2008). Incremental Hybrid Intrusion Detection Using Ensemble of Weak Classifiers. In: Sarbazi-Azad, H., Parhami, B., Miremadi, SG., Hessabi, S. (eds) Advances in Computer Science and Engineering. CSICC 2008. Communications in Computer and Information Science, vol 6. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89985-3_71

  • DOI: https://doi.org/10.1007/978-3-540-89985-3_71

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89984-6

  • Online ISBN: 978-3-540-89985-3

  • eBook Packages: Computer Science, Computer Science (R0)
