Online Adaboost-Based Parameterized Methods for Dynamic Distributed Network Intrusion Detection
- 27 March 2013
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Cybernetics
- Vol. 44 (1), 66-82
- https://doi.org/10.1109/tcyb.2013.2247592
Abstract
Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two online Adaboost-based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO- and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.
This publication has 44 references indexed in Scilit:
- Fast Distributed Outlier Detection in Mixed-Attribute Data Sets. Data Mining and Knowledge Discovery, 2006
- Training Genetic Programming on Half a Million Patterns: An Example From Anomaly Detection. IEEE Transactions on Evolutionary Computation, 2005
- Hierarchical Kohonenen Net for Anomaly Detection in Network Security. IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 2005
- A genetic clustering method for intrusion detection. Pattern Recognition, 2004
- Novel statistical network model: the hyperbolic distribution. IEE Proceedings - Communications, 2004
- A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, 2000
- Winning the KDD99 classification cup. ACM SIGKDD Explorations Newsletter, 2000
- Results of the KDD'99 classifier learning. ACM SIGKDD Explorations Newsletter, 2000
- On combining classifiers. IEEE Transactions on Pattern Analysis and Machine Intelligence, 1998
- A Decision-Theoretic Generalization of On-Line Learning and an Application to Boosting. Journal of Computer and System Sciences, 1997