JOURNAL ARTICLE

Ensemble-based Adaptive Intrusion Detection

Abstract

Intrusion detection is an essential component of computer security mechanisms. Intrusion detection systems (IDSs) need to efficiently and accurately adapt to incorporate new knowledge of previously unseen classes of attacks (different from incremental learning) that are constantly invented to prevent any further damage as early as possible. Learning a completely new detection model from both known attacks and new unknown attacks is usually very slow due to the complexity of the problem and large size of the dataset. There isn't much previous research to address this issue. In this paper, we propose an “ensemble-based” method to efficiently learn a light weight model from audit data of new attack patterns that is then “attached” to an existing previously learned model by a decision rule system. Our method solves the problem of fast training and efficient model deployment that prevents the damage of new types of intrusions at its earliest stage. Several configurations varying in the form of the underlying model and decision rules are explored. The training cost of this method is significantly less than re-training a monolithic model from both new and old training data. Empirical studies show the ensemble-based method has comparable accuracy as the monolithic detector, but the model generation time is 150 times faster. This quick learning time provides an opportunity to deploy new models rapidly to thwart damage of both new and old classes of attacks, which can be replaced later with an updated and better monolithic model as time and resources permit.

Authors: Wei Fan and Salvatore J. Stolfo
Published in: Proceedings of the 2002 SIAM International Conference on Data Mining (SDM), pp. 41 - 58
Chapter DOI: https://doi.org/10.1137/1.9781611972726.3

Published: 2002
ISBN: 978-0-89871-517-0
eISBN: 978-1-61197-272-6
Book DOI: https://doi.org/10.1137/1.9781611972726
Book Series Name: Proceedings
Book Code: PR108
Book Pages: xii + 600

Keywords:
Intrusion detection system; Computer science; Ensemble learning; Artificial intelligence; Software deployment; Machine learning; Ensemble forecasting; Data mining; Component (thermodynamics); Intrusion; Training set; Audit

Metrics

Cited By: 19
FWCI (Field Weighted Citation Impact): 1.16
Refs: 0
Citation Normalized Percentile: 0.80
Is in top 1%
Is in top 10%

Topics

Network Security and Intrusion Detection
Physical Sciences →  Computer Science →  Computer Networks and Communications
Anomaly Detection Techniques and Applications
Physical Sciences →  Computer Science →  Artificial Intelligence
Advanced Malware Detection Techniques
Physical Sciences →  Computer Science →  Signal Processing