Abstract
Computer networks are becoming more insecure and vulnerable to intrusions and attacks as they become increasingly accessible to users globally. To minimize the possibility of intrusions and attacks, various intrusion detection models have been proposed. However, the existing procedures suffer from high false alarm rates and low accuracy, and are rigid and not adequately adaptive. Detection performance deteriorates when traffic behavior changes and new attacks continually emerge. Therefore, the reference model of any given anomaly-based intrusion detection system must be updated to keep up with these changes. Severe changes should be addressed immediately, before performance is compromised. Available updating approaches include dynamic, periodic and regulated. Unfortunately, none considers the severity of changes as the trigger for updating. This paper proposes an adaptive IDS model using a regulated retraining approach based on the severity of changes in network traffic, so that retraining can be done as and when necessary. Changes are denoted by ambiguous decisions, which are assumed to reflect insufficient knowledge on the part of the classifiers to make a decision. Results show that the proposed approach is able to improve detection accuracy and reduce false alarms.
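The regulated retraining idea in the abstract, sketched as an added example that is not the paper's own code: the z-score reference model, the band that defines an "ambiguous" decision, the window size and the severity threshold are all assumptions, since the abstract does not specify them.

```python
from collections import deque
from statistics import mean, pstdev

# Constructed sample data: connections/second for one host (not from the paper).
BASELINE = [95, 100, 105, 98, 102, 100, 97, 103, 99, 101]
STREAM = BASELINE * 2 + [400] + [106, 108, 110, 107, 109, 108, 106, 110, 109, 107]

class RegulatedIDS:
    """Anomaly detector that rebuilds its reference model only when the share
    of ambiguous decisions in the recent window reaches a severity threshold."""

    def __init__(self, normal_samples, low=2.0, high=4.0, window=10, severity=0.25):
        self.low, self.high = low, high        # assumed z-score band for "ambiguous"
        self.severity = severity               # assumed ambiguity rate that triggers retraining
        self.recent = deque(maxlen=window)     # last `window` (value, decision) pairs
        self.seen, self.retrain_points = 0, []
        self._fit(normal_samples)

    def _fit(self, samples):
        self.mu, self.sigma = mean(samples), pstdev(samples) or 1.0

    def classify(self, value):
        z = abs(value - self.mu) / self.sigma
        decision = "normal" if z < self.low else "attack" if z > self.high else "ambiguous"
        self.seen += 1
        self.recent.append((value, decision))
        self._maybe_retrain()
        return decision

    def _maybe_retrain(self):
        if len(self.recent) < self.recent.maxlen:
            return                             # not enough evidence yet
        ambiguous = sum(d == "ambiguous" for _, d in self.recent)
        if ambiguous / len(self.recent) >= self.severity:
            # Assumption: records scored "attack" are excluded; a real system
            # would retrain only on analyst-verified traffic.
            self._fit([v for v, d in self.recent if d != "attack"])
            self.retrain_points.append(self.seen)
            self.recent.clear()

def run(severity):
    ids = RegulatedIDS(BASELINE, severity=severity)
    return [ids.classify(v) for v in STREAM], ids.retrain_points

if __name__ == "__main__":
    for label, sev in (("regulated", 0.25), ("static", 1.1)):
        decisions, points = run(sev)
        print(label, "retrained at", points, "ambiguous:", decisions.count("ambiguous"))
```

With a severity threshold that can never be reached (1.1), the model stays static and every drifted record remains ambiguous; with 0.25, one retraining resolves the drift while the 400 connections/second burst is still scored as an attack.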
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zainal, A., Maarof, M.A., Shamsuddin, S.M., Abraham, A. (2012). Design of Adaptive IDS with Regulated Retraining Approach. In: Hassanien, A.E., Salem, AB.M., Ramadan, R., Kim, Th. (eds) Advanced Machine Learning Technologies and Applications. AMLTA 2012. Communications in Computer and Information Science, vol 322. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35326-0_59
DOI: https://doi.org/10.1007/978-3-642-35326-0_59
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35325-3
Online ISBN: 978-3-642-35326-0
eBook Packages: Computer Science, Computer Science (R0)