

A multi-stage classification system for detecting intrusions in computer networks
Authors: Luigi Pietro Cordella, Carlo Sansone
Affiliation: (1) Dipartimento di Informatica e Sistemistica, Università degli Studi di Napoli “Federico II”, Via Claudio 21, 80125 Napoli, Italy
Abstract: A serial multi-stage classification system for addressing the problem of intrusion detection in computer networks is proposed. The whole decision process is organized into successive stages, each one using a set of features tailored for recognizing a specific attack category. All the stages employ suitable criteria for estimating the reliability of the performed classification, so that, in case of uncertainty, information related to a possible attack is only logged for further processing, without raising an alert for the system manager. This makes it possible to reduce the number of false alarms. On the other hand, in order to keep the number of missed detections low, the proposed system declares a connection as normal traffic only if none of the stages detects an attack. The proposed multi-stage intrusion detection system has been tested on three different services (http, telnet and ftp) of a standard database used for benchmarking intrusion detection systems and also on real network traffic data. The experimental analysis highlights the effectiveness of the approach: the proposed system behaves significantly better than other multiple classifier systems performing classification in a single stage.
Contact Information: Carlo Sansone (Corresponding author) Email:

Luigi Pietro Cordella is a Professor of Computer Science at the Faculty of Engineering of the University of Naples “Federico II” (Italy). He has been Chairman of the Department of Computer Science and Systems and, since 1994, Chairman of the Ph.D. course program in Information Engineering of the University of Naples. His present research interests include Syntactic and Structural Pattern Recognition, Shape Analysis, Document Recognition, OCR, Neural Networks, and Evolutionary Computation. He has published over 150 papers and is editor or co-editor of six books. He is a Fellow of IAPR and a member of IEEE and Computer Society. He has been President of GIRPR (2000–2004), the Italian Association for Pattern Recognition, and member of the Governing Board of the IAPR.

Carlo Sansone is Associate Professor of Computer Science at the Faculty of Engineering of the University of Naples “Federico II” (Italy). His research principally focuses on classification techniques, exact and inexact graph matching and multiple-classifier systems theory and applications. He coordinated several projects in the areas of car plate recognition, biomedical images interpretation and network intrusion detection. Prof. Sansone has authored about 90 research papers in international journals and conference proceedings. He serves as referee for many relevant journals in the field of Pattern Recognition and is Associate editor of the Electronic Letters on Computer Vision and Image Analysis journal. He is currently co-editor of a special issue on “Information Fusion in Computer Security” for the Information Fusion journal.
Keywords: Multiple classifier systems; Classification reliability; Reject option; Intrusion detection systems; Network security
This document has been indexed by SpringerLink and other databases.