A Hybrid Framework for Building an Efficient ‎Incremental Intrusion Detection System

In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system ‎combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of ‎weak classifiers to implement misuse intrusion detection system. It can identify new classes types of ‎intrusions that do not exist in the training dataset for incremental misuse detection. As the framework has ‎low computational complexity, it is suitable for real-time or on-line learning. We use incremental centroid-‎based “on-line k-Mean” clustering algorithm to implement anomaly detection system. Experimental ‎evaluations on KDD Cup dataset have shown that the proposed framework has high clustering quality, ‎relatively low computational complexity and fast convergence. ‎