A multi-stage classification system for detecting intrusions in computer networks |
| |
Authors: | Luigi Pietro Cordella, Carlo Sansone |
| |
Affiliation: | (1) Dipartimento di Informatica e Sistemistica, Università degli Studi di Napoli “Federico II”, Via Claudio 21, 80125 Napoli, Italy |
| |
Abstract: | A serial multi-stage classification system is proposed for intrusion detection in computer networks.
The whole decision process is organized into successive stages, each one using a set of features tailored for recognizing
a specific attack category. All the stages employ suitable criteria for estimating the reliability of the performed classification,
so that, in case of uncertainty, information related to a possible attack is only logged for further processing, without
raising an alert for the system manager. This reduces the number of false alarms. On the other hand, to keep the number of
missed detections low, the proposed system declares a connection as normal traffic only if none of the stages
detects an attack. The proposed multi-stage intrusion detection system has been tested on three different services (http, telnet and ftp) of a standard database used for benchmarking intrusion detection systems, and also on real network traffic data. The experimental
analysis highlights the effectiveness of the approach: the proposed system behaves significantly better than other multiple
classifier systems that perform classification in a single stage.
Luigi Pietro Cordella is a Professor of Computer Science at the Faculty of Engineering of the University of Naples “Federico II” (Italy). He has
been Chairman of the Department of Computer Science and Systems and, since 1994, Chairman of the Ph.D. course program in Information
Engineering of the University of Naples.
His present research interests include Syntactic and Structural Pattern Recognition, Shape Analysis, Document Recognition,
OCR, Neural Networks, and Evolutionary Computation.
He has published over 150 papers and is editor or co-editor of six books. He is a Fellow of IAPR and a member of IEEE and
Computer Society. He has been President of GIRPR (2000–2004), the Italian Association for Pattern Recognition, and member
of the Governing Board of the IAPR.
Carlo Sansone is Associate Professor of Computer Science at the Faculty of Engineering of the University of Naples “Federico II” (Italy).
His research principally focuses on classification techniques, exact and inexact graph matching and multiple-classifier systems
theory and applications. He coordinated several projects in the areas of car plate recognition, biomedical image interpretation
and network intrusion detection.
Prof. Sansone has authored about 90 research papers in international journals and conference proceedings. He serves as referee
for many relevant journals in the field of Pattern Recognition and is Associate editor of the Electronic Letters on Computer
Vision and Image Analysis journal. He is currently co-editor of a special issue on “Information Fusion in Computer Security”
for the Information Fusion journal. |
| |
Keywords: | Multiple classifier systems; Classification reliability; Reject option; Intrusion detection systems; Network security |
This document has been indexed by SpringerLink and other databases! |
|