Network Intrusion Detection by a Multi-stage Classification System

A serial multi-stage classification system is proposed for addressing the problem of intrusion detection in computer networks. The whole decision process is organized into successive stages, each one using a set of features tailored for recognizing a specific attack category. All the stages employ suitable criteria for estimating the reliability of the performed classification, so that, in case of uncertainty, information related to a possible attack is only logged for further processing, without raising an alert for the system manager. This makes it possible to reduce the number of false alarms.
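
The serial decision flow described above, as an added example that is not code from the paper: each stage sees only its own feature subset, and a score that falls between its two thresholds is logged instead of raising an alert. The category names, feature names, thresholds, scoring functions and the choice to keep evaluating later stages after an uncertain result are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Features = Dict[str, float]
Decision = Tuple[str, Optional[str], float]   # (ALERT | LOG | NORMAL, category, score)

@dataclass
class Stage:
    category: str                       # attack category this stage targets
    features: Tuple[str, ...]           # the only features this stage sees
    score: Callable[[Features], float]  # attack likelihood in [0, 1]
    accept: float                       # score >= accept: reliable attack
    reject: float                       # score <= reject: reliably not this category

def classify(conn: Features, stages: List[Stage]) -> Decision:
    """Run the stages in order; alert only on a reliable attack decision."""
    logged: Optional[Decision] = None
    for st in stages:
        view = {name: conn[name] for name in st.features}
        s = st.score(view)
        if s >= st.accept:
            return ("ALERT", st.category, s)
        if s > st.reject and logged is None:
            # Uncertain (assumed policy): keep for the log, raise no alert,
            # and let later stages still examine the connection.
            logged = ("LOG", st.category, s)
    return logged if logged is not None else ("NORMAL", None, 0.0)

# Constructed stages; the lambdas stand in for trained classifiers.
STAGES = [
    Stage("dos", ("syn_error_rate", "conn_count"),
          lambda f: min(1.0, f["syn_error_rate"] * f["conn_count"] / 100), 0.8, 0.3),
    Stage("probe", ("distinct_ports",),
          lambda f: min(1.0, f["distinct_ports"] / 50), 0.8, 0.3),
    Stage("r2l", ("failed_logins",),
          lambda f: min(1.0, f["failed_logins"] / 5), 0.8, 0.3),
]

# Constructed connection records, not data from the paper.
SAMPLES = {
    "flood":     {"syn_error_rate": 0.95, "conn_count": 200, "distinct_ports": 1, "failed_logins": 0},
    "ambiguous": {"syn_error_rate": 0.5, "conn_count": 100, "distinct_ports": 2, "failed_logins": 0},
    "scan":      {"syn_error_rate": 0.5, "conn_count": 100, "distinct_ports": 50, "failed_logins": 0},
    "benign":    {"syn_error_rate": 0.0, "conn_count": 3, "distinct_ports": 1, "failed_logins": 0},
}

if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        print(name, classify(conn, STAGES))
```

Widening the gap between `reject` and `accept` moves more traffic from alerts into the log, which is the false-alarm trade-off the abstract describes.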
