Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection

P Natesan
2012 International journal of network security and its applications  
Based on the analysis and distribution of network attacks in KDDCup99 dataset and real time traffic, this paper proposes a design of multi stage filter which is an efficient and effective approach in dealing with various categories of attacks in networks. The first stage of the filter is designed using Enhanced Adaboost with Decision tree algorithm to detect the frequent attacks occurs in the network and the second stage of the filter is designed using enhanced Adaboost with Naïve Byes
more » ... to detect the moderate attacks occurs in the network. The final stage of the filter is used to detect the infrequent attack which is designed using the enhanced Adaboost algorithm with Naïve Bayes as a base learner. Performance of this design is tested with the KDDCup99 dataset and is shown to have high detection rate with low false alarm rates. The field of network intrusion detection and network security has been around since late 1990s. Since then, a number of frameworks and methodologies have been proposed and many tools have been built to detect network intrusion. Various methodologies such as rule based 122 algorithm, classification, clustering, genetic algorithms, support vector machines, hybrid classification and others have been used to detect network intrusions. In this section, we briefly discuss few of these methodologies and frameworks. Weiming Hu et. al., [3] have proposed an Adaboost based algorithm for network intrusion detection. The AdaBoost algorithm is one of the most popular machine learning algorithms and it corrects the misclassifications made by weak classifiers. The authors in [3] used decision stump as a weak classifier. The decision rules are provided for both categorical and continuous features and some provision was made for handling the overfitting.
doi:10.5121/ijnsa.2012.4308 fatcat:2t2nzkfzordedhha44r24b354m