Loading [a11y]/accessibility-menu.js
Improving Performance of Anomaly-Based IDS by Combining Multiple Classifiers | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >2011 IEEE/IPSJ International ...

Improving Performance of Anomaly-Based IDS by Combining Multiple Classifiers

PDF
Kazuya Kishimoto; Hirofumi Yamaki; Hiroki Takakura
All Authors

Abstract:

Intrusion detection systems (IDSs) play an important role to defend networks from cyber attacks. Among them, anomaly-based IDSs can detect unknown attacks like 0-day atta...Show More

Metadata

Abstract:

Intrusion detection systems (IDSs) play an important role to defend networks from cyber attacks. Among them, anomaly-based IDSs can detect unknown attacks like 0-day attacks that are hard to detect by using signature-based system. However, they have problems that their performance depends on a learning dataset. It is very hard to prepare an appropriate learning dataset in a static fashion, because the traffic in the Internet changes quite dynamically and complexity. In this paper, we propose a method that follows traffic trend by combining multiple classifiers. We evaluate our method using Kyoto2006+ and existing algorithm.
Published in: 2011 IEEE/IPSJ International Symposium on Applications and the Internet
Date of Conference: 18-21 July 2011
Date Added to IEEE Xplore: 25 August 2011
ISBN Information:
DOI: 10.1109/SAINT.2011.70
Conference Location: Munich, Germany
School of Engineering, University of Nagoya, Nagoya, Japan
Information Technology Center, University of Nagoya, Nagoya, Japan
Information Technology Center, University of Nagoya, Nagoya, Japan
Contents

I. Introduction

The Internet has become rapidly widespread in recent years, while cyber attacks through the Internet has also increased. In order to defend our networks from cyber attacks, many security techniques have been studied, and an intrusion detection system (IDS) is one of such techniques. There are two types of IDSs, i.e., signature-based and anomaly-based IDSs. The former detects attacks by comparing raw traffic data with attack signatures given beforehand. They are widely used and show high performance to already-known attacks, but it is hard for them to detect unknown attacks for which there is no correspondent signature. On the other hand, anomaly-based IDSs can detect such unknown attacks by monitoring the fluctuation of access behavior in network traffic. In spite of such favorable property, there are two major problems in anomaly-based IDSs. One is that they show lower detection rate and higher false positive rate than signature-based ones. The other is that it is hard to prepare an appropriate learning dataset.

School of Engineering, University of Nagoya, Nagoya, Japan
Information Technology Center, University of Nagoya, Nagoya, Japan
Information Technology Center, University of Nagoya, Nagoya, Japan
Contact IEEE to Subscribe
More Like This
Intelligent Water Pressure Sensor for Smart Fire Fighting Water Cyber Physical System Feature Extraction Model Training and Testing Data Acquisition

2022 IEEE 6th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC )

Published: 2022

An Algorithm for Detection of Traffic Attribute Exceptions Based on Cluster Algorithm in Industrial Internet of Things

IEEE Access

Published: 2021

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.