Improving Performance of Anomaly-Based IDS by Combining Multiple Classifiers | IEEE Conference Publication | IEEE Xplore


Abstract:

Intrusion detection systems (IDSs) play an important role in defending networks from cyber attacks. Among them, anomaly-based IDSs can detect unknown attacks, such as 0-day attacks, that are hard to detect with signature-based systems. However, their performance depends on the learning dataset. It is very hard to prepare an appropriate learning dataset in a static fashion, because Internet traffic changes dynamically and in complex ways. In this paper, we propose a method that follows the traffic trend by combining multiple classifiers. We evaluate our method using Kyoto2006+ and an existing algorithm.
Date of Conference: 18-21 July 2011
Date Added to IEEE Xplore: 25 August 2011
Conference Location: Munich, Germany
School of Engineering, University of Nagoya, Nagoya, Japan
Information Technology Center, University of Nagoya, Nagoya, Japan
Information Technology Center, University of Nagoya, Nagoya, Japan

I. Introduction

The Internet has rapidly become widespread in recent years, and cyber attacks through the Internet have increased as well. To defend networks from these attacks, many security techniques have been studied, and the intrusion detection system (IDS) is one such technique. There are two types of IDSs: signature-based and anomaly-based. Signature-based IDSs detect attacks by comparing raw traffic data with attack signatures given beforehand. They are widely used and show high performance against already-known attacks, but it is hard for them to detect unknown attacks for which there is no corresponding signature. Anomaly-based IDSs, on the other hand, can detect such unknown attacks by monitoring fluctuations in access behavior in network traffic. Despite this favorable property, anomaly-based IDSs have two major problems. One is that they show a lower detection rate and a higher false positive rate than signature-based ones. The other is that it is hard to prepare an appropriate learning dataset.
