A multi-stage classification system for detecting intrusions in computer networks

Pattern Analysis and Applications

Volumn 10, Issue 2, 2007, Pages 83-100

  Cordella, Luigi Pietro ^a   Sansone, Carlo ^a  

^a UNIVERSITY OF NAPLES FEDERICO II   (Italy)

Author keywords

Classification reliability; Intrusion detection systems; Multiple classifier systems; Network security; Reject option

Indexed keywords

EID: 34247625572     PISSN: 14337541     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10044-006-0053-7     Document Type: Article

References (37)

1. Vigna G, Kemmerer R (1999) Netstat: a network based intrusion detection system. J Comput Secur 7(1)
2. Andersson S (1995) Detecting usual program behavior using the statistical component of the next-generation intrusion detection. Technical report, Comput Sci Lab
3. Broucek V, Turner P (2002) Bridging the divide: rising awareness of forensic issues amongst systems administrators. In: Proceedings of the 3rd international system administration and network engineering conference, Maastricht pp 27-31
4. Axelsson S (1999) Research in intrusion detection systems: a survey. Technical report TR, Chalmers University of Technology 98-17
5. Kumar R, Spafford EH (1995) A software architecture to support misuse intrusion detection. In: Proceedings of the 18th national information security conference pp 194-204
6. Meier M, Schmerl S, Koenig H (2005) Improving the efficiency of misuse detection. In: Julisch K, Kruegel C (eds) LNCS vol. 3548 Proceedings of the second international conference on detection of intrusions and malware, and vulnerability assessment, Vienna, Austria July 7-8, pp 188-205
7. Sy BK (2005) Signature-based approach for intrusion detection. In: Perner P, Imiya A (eds) LNAI vol. 3587 In: Proceedings of the 4th international conference on machine learning and data mining in pattern recognition, Leipzig July 9-11
8. Zhang C, Jiang J, Kamel M (2005) Intrusion detection using hierarchical neural networks. Pattern Recognit Lett 26(6):779-791
9. Ghosh AK, Schwartzbard A (1999) A study in using neural networks for anomaly and misuse detection. In: Proceedings of the 8th USENIX security symposium, Washington, Aug 26-29
10. Lane T, Brodley CE (1999) Temporal sequence learning and data reduction for anomaly detection. ACM Trans Inform System Secur 2(3):295-261
11. Eskin E, Arnold A, Prerau M, Portnoy L, Stolfo S (2002) A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data. In: Barbara D, Jajodia S (eds) Applications of data mining in computer security, Kluwer
12. Singh S, Markou M (2003) Novelty detection: a review-part 2: neural network based approaches. Signal Process 83(12):2499-2521
13. Mahoney MV, Chan P (2003) An Analysis of the 1999 DARPA/Lincoln laboratory evaluation data for network anomaly detection. In: Vigna G, Jonsson E, Kruegel C (eds) LNCS vol. 2820, Proceedings of RAID 2003, pp 220-238
14. Ramadas M, Ostermann S, Tjaden B (2003) Detecting anomalous network traffic with self-organizing maps. In: Vigna G, Jonsson E, Kruegel C (eds) LNCS vol. 2820, Proceedings of RAID 2003, pp 36-54
15. Wang K, Stolfo SJ (2004) Anomalous payload-based network intrusion detection. In: Jonsson E, Valdes A, Almgren M (eds) LNCS, vol. 3224, Proceedings of RAID 2004, pp 203-222
16. Zanero S, Savaresi SM (2004) Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM symposium on applied computing, pp 412-419
17. Kendall K (1998) A database of computer attacks for the evaluation of intrusion detection systems. Master's Thesis, Massachusetts institute of technology
18. Giacinto G, Roli F, Didaci L (2003) Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recognit Lett 24:1795-1803
19. Lee SC, Heinbuch DV (2001) Training a neural network based intrusion detector to recognize novel attack. IEEE Trans Syst Man Cybern Part-A 31:294-299
20. Fugate M, Gattiker JR (2003) Computer intrusion detection with classification and anomaly detection, using SVMs. Intern J Pattern Recognit Artif Intell 17(3):441-458
21. Giacinto G, Roli F, Didaci L (2003) A modular multiple classifier system for the detection of intrusions. Lecture Notes Comput Sci 2709:346-355
22. Sansone C, Vento M (2000) Signature verification: increasing performance by a multi-stage system. Pattern Anal Appl 3(2):169-181
23. De Santo M, Percannella G, Sansone C, Vento M (2002) Cooperating experts for soundtrack analysis of MPEG movies. Inf Fusion 3(3):225-236
24. Rajan S, Ghosh J (2004) An empirical comparison of hierarchical vs two level approaches to multiclass problems. Lecture Notes Comput Sci 3077:283-292
25. Beale J, Foster JC (2003) Snort 2.0 intrusion detection. Syngress Publishing, Rockland
26. Valeur F, Vigna G, Kruegel C, Kemmerer R (2004) A comprehensive approach to intrusion detection alert correlation. IEEE Trans Dependable and Secure Comput 1(3):146-169
27. Cuppens F, Miege A (2002) Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the IEEE symposium on security and privacy, pp 202-215
28. Kuncheva LI (2004) Classifiers ensembles for changing environments. Lecture Notes Comput Sci 3077:1-15
29. Cordella LP, Sansone C, Tortorella F, Vento M, De Stefano C (1998) Neural networks classification reliability. In: Leondes CT (ed) Academic press theme volumes on neural network systems, Techniques and applications, Academic Press, vol. 5, pp 161-199
30. Cordella LP, Foggia P, Sansone C, Tortorella F, Vento M (1999) Reliability parameters to improve combination strategies in multi-expert systems. Pattern Anal Appl 3(2):205-214
31. Elkan C (2000) Results of the KDD99 classifier learning. ACM SIGKDD Explorations 1:63-64
32. Lee W, Stolfo SJ (2000) A framework for constructing features and models for intrusion detection systems. ACM Trans Inform System Secur 3(4):227-261
33. McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans Inform System Secur 3(4):262-294
34. Liu Y, Chen K, Liao X, Zhang W (2004) A genetic clustering method for intrusion detection. Pattern Recognit 37
35. Kruegel C, Toth T, Kirda E (2002) Service specific anomaly detection for network intrusion detection. In: Proceedings of symposium on applied computing (SAC), Spain
36. Kuncheva LI, Bezdek JC, Duin RPW (2001) Decision templates for multiple classifier fusion: an experimental comparison. Pattern Recognit 34(2):299-314
37. Esposito M, Mazzariello C, Oliviero F, Romano SP, Sansone C (2006) Real time detection of novel attacks by means of data mining techniques. In: Chen C-S, Filipe J, Seruca I, Cordeiro J (eds) Enterprise information systems VII Springer, Berlin Heidelberg New York, pp 197-204