Adaptive Intrusion Detection System via online machine learning

Adaptation of Intrusion Detection Systems (IDSs) in the heterogeneous and adversarial network environments is crucial. We design an adaptive IDS that has 10% higher accuracy than the best of four different baseline IDSs. Rather than creating a new `super´ IDS, we combine the outputs of the IDSs by using the online learning framework proposed by Bousquet and Warmuth [1]. The combination framework allows to dynamically determine the best IDSs performed in different segments of a dataset. Moreover, to increase the accuracy and reliability of the intrusion detection results, the fusion between outputs of the four IDSs is taken into account by a new expanded framework. We conduct the experiments on two different datasets for benchmarking Web Application Firewalls: the ECML-PKDD 2007 HTTP dataset and the CISIC HTTP 2010. Experimental results show the high adaptability of the proposed IDS.