BIROn - Birkbeck Institutional Research Online

    Online Adaboost-based parameterized methods for dynamic distributed network intrusion detection

    Weiming, H. and Jun, G. and Yanguo, W. and Ou, W. and Maybank, Stephen (2014) Online Adaboost-based parameterized methods for dynamic distributed network intrusion detection. IEEE Transactions on Cybernetics 44 (1), pp. 66-82. ISSN 2168-2267.

    [img]
    Preview
    Text
    14320.pdf - Author's Accepted Manuscript

    Download (653kB) | Preview

    Abstract

    Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed archi- tectures is now a major requirement. In this paper, we propose two online Adaboost-based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector ma- chines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.

    Metadata

    Item Type: Article
    Additional Information: (c) 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
    Keyword(s) / Subject(s): Dynamic distributed detection, network intrusions, online Adaboost learning, parameterized model
    School: Birkbeck Schools and Departments > School of Business, Economics & Informatics > Computer Science and Information Systems
    Depositing User: Administrator
    Date Deposited: 15 Feb 2016 10:08
    Last Modified: 15 Feb 2016 10:08
    URI: http://eprints.bbk.ac.uk/id/eprint/14320

    Statistics

    Downloads
    Activity Overview
    310Downloads
    108Hits

    Additional statistics are available via IRStats2.

    Archive Staff Only (login required)

    Edit/View Item Edit/View Item