AdaBoost-Based Algorithm for Network Intrusion Detection

Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machin...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on systems, man and cybernetics. Part B, Cybernetics Vol. 38; no. 2; pp. 577 - 583
Main Authors Weiming Hu, Wei Hu, Maybank, S.
Format Journal Article
LanguageEnglish
Published United States IEEE 01.04.2008
Subjects
AdaBoost
Algorithms
Artificial Intelligence
Classifiers
Complexity
Computation
Computational complexity
Computer Security
Cybernetics
Decision Support Techniques
detection rate
Error analysis
false-alarm rate
Information security
Information Storage and Retrieval - methods
Information systems
Internet
Intrusion
Intrusion detection
Networks
Object detection
Pattern recognition
Pattern Recognition, Automated - methods
Protection
Signal Processing, Computer-Assisted
Testing
detection rate
AdaBoost
false-alarm rate
intrusion detection
computational complexity
Online AccessGet full text

Cover

More Information
Summary:Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machine-learning-based intrusion detection algorithms with high detection rates and low false-alarm rates. In this correspondence, we propose an intrusion detection algorithm based on the AdaBoost algorithm. In the algorithm, decision stumps are used as weak classifiers. The decision rules are provided for both categorical and continuous features. By combining the weak classifiers for continuous features and the weak classifiers for categorical features into a strong classifier, the relations between these two different types of features are handled naturally, without any forced conversions between continuous and categorical features. Adaptable initial weights and a simple strategy for avoiding overfitting are adopted to improve the performance of the algorithm. Experimental results show that our algorithm has low computational complexity and error rates, as compared with algorithms of higher computational complexity, as tested on the benchmark sample data.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ObjectType-Article-2
ObjectType-Feature-1
ISSN:1083-4419
DOI:10.1109/TSMCB.2007.914695