Ensemble-based methods for intrusion detection
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Computer and Information Science.
2012 (English). Master's thesis (student thesis)
Abstract [en]

This master's thesis focuses on ensemble approaches applied to intrusion detection systems (IDSs). The ensemble approach is a relatively new trend in artificial intelligence in which several machine learning algorithms are combined. The main idea is to exploit the strengths of each algorithm of the ensemble to obtain a robust classifier. Moreover, ensembles are particularly useful when a problem can be segmented into subproblems. In this case, each module of the ensemble, which can include one or more algorithms, is assigned to one particular subproblem. Network attacks can be divided into four classes: denial of service, user to root, remote to local and probe. One module of the ensemble designed in this work is itself an ensemble of decision trees and is specialized in the detection of one class of attacks. The inner structure of each module uses bagging techniques to increase the accuracy of the IDS. Experiments showed that IDSs obtain better results when each class of attacks is treated as a separate problem and handled by specialized algorithms. This work has also concluded that these algorithms need to be trained with specific subsets of features selected according to their relevance to the class of attack being detected. The efficiency of ensemble approaches is also highlighted. In all experiments, the ensemble was able to bring down the number of false positives and false negatives. However, we also observed the limitations of the KDD99 dataset. In particular, the distribution of examples of remote to local attacks between the training set and the test set made it difficult to evaluate the ensemble for this class of attack.

Place, publisher, year, edition, pages
Institutt for datateknikk og informasjonsvitenskap, 2012. 102 p.
Keyword [no]
ntnudaim:7044, MTDT computer science, Intelligent systems
URN: urn:nbn:no:ntnu:diva-20115
Local ID: ntnudaim:7044
OAI: diva2:603575
Available from: 2013-02-06 Created: 2013-02-06

Open Access in DiVA

fulltext: FULLTEXT01.pdf, 1563 kB, application/pdf, 506 downloads
cover: COVER01.pdf, 184 kB, application/pdf, 24 downloads
attachment: ATTACHMENT01.zip, 22405 kB, application/zip, 2081 downloads
