Ensemble-based methods for intrusion detection

Abstract

AbstractThe master thesis focuses on ensemble approaches applied to intrusion detection systems (IDSs). The ensemble approach is a relatively new trend in artificial intelligence in which several machine learning algorithms are combined. The main idea is to exploit the strengths of each algorithm of the ensemble to obtain a robust classifier. Moreover, ensembles are particularly useful when a problem can be segmented into subproblems. In this case, each module of the ensemble, which can include one or more algorithms, is assigned to one particular subproblem. Network attacks can be divided into four classes: denial of service, user to root, remote to local and probe. One module of the ensemble designed in this work is itself an ensemble of decision trees and is specialized on the detection of one class of attacks. The inner structure of each module uses bagging techniques to increase the accuracy of the IDS. Experiments showed that IDSs obtain better results when each class of attacks is treated as a separate problem and handled by specialized algorithms. This work have also concluded that these algorithms need to be trained with specific subsets of fea- tures selected according to their relevance to the class of attack being detected. The efficiency of ensemble approaches is also highlighted. In all experiments, the ensemble was able to bring down the number of false positives and false negatives. However, we also observed the limitations of the KDD99 dataset. In particular, the distribution of examples of remote to local attacks between the training set and test set made difficult the evaluation of the ensemble for this class of attack.