• DocumentCode
    3071326
  • Title

    Improving Performance of Anomaly-Based IDS by Combining Multiple Classifiers

  • Author

    Kishimoto, Kazuya ; Yamaki, Hirofumi ; Takakura, Hiroki

  • Author_Institution
    Sch. of Eng., Nagoya Univ., Nagoya, Japan
  • fYear
    2011
  • fDate
    18-21 July 2011
  • Firstpage
    366
  • Lastpage
    371
  • Abstract
    Intrusion detection systems (IDSs) play an important role in defending networks from cyber attacks. Among them, anomaly-based IDSs can detect unknown attacks, such as 0-day attacks, that are hard to detect with signature-based systems. However, they have the problem that their performance depends on the learning dataset. It is very hard to prepare an appropriate learning dataset in a static fashion, because traffic on the Internet changes quite dynamically and in complex ways. In this paper, we propose a method that follows traffic trends by combining multiple classifiers. We evaluate our method using Kyoto2006+ and an existing algorithm.
  • Keywords
    Internet; computer network security; pattern classification; 0-day attacks; Kyoto2006+; anomaly based IDS; cyber attacks; intrusion detection systems; learning dataset; multiple classifiers; Clustering algorithms; Electronic mail; Feature extraction; Servers; Testing; Training; clustering; detection rate; false positive rate; intrusion detection system
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Applications and the Internet (SAINT), 2011 IEEE/IPSJ 11th International Symposium on
  • Conference_Location
    Munich, Bavaria
  • Print_ISBN
    978-1-4577-0531-1
  • Electronic_ISBN
    978-0-7695-4423-6
  • Type

    conf

  • DOI
    10.1109/SAINT.2011.70
  • Filename
    6004187