An improved Hoeffding-ID data-stream classification algorithm

With the growing use of the Internet and networks, data-stream classification has been applied in the intrusion detection field. Because data streams are unbounded and difficult to store, routine classification algorithms (e.g., C4.5, a currently widely used classification algorithm with higher classification accuracy) tend toward incorrect classification and memory leaks. In this paper, we propose an improved Hoeffding tree data-stream classification algorithm, Hoeffding-ID, and apply it to network data-stream processing in the intrusion detection field. Experimental results show that the Hoeffding-ID algorithm has relatively high detection accuracy, a low positives rate, and memory usage that does not increase with the number of data samples.
