AdaBoost Algorithm with Single Weak Classifier in Network Intrusion Detection

1.1 Related Work

Kayacik et al and Heywood (2003)proposed a hierarchical SOM for intrusion detection. They utilized the classification capability of the SOM on selected dimensions and specific attention is given to the hierarchical development of abstractions. The reported results showed that there was an increase in attack detection rate. AnazidaZainal (2009) demonstrated the ensemble of different learning paradigms by assigning proper weight to the individual classifiers. They have observed that there was an improvement on attack detection and significant reduction on false alarm.

Several hybrid IDS have been proposed recently to deal with the complexity of the intrusion detection problem by combining different machine learning algorithms. Shi-Jinn Horng and Ming-Yang Su (2011),were developed a hybrid intelligent IDS by incorporating a hierarchical clustering and support vector machines. The SVM theory was slightly modified in this research in order to be used with standard network intrusions dataset that contains labels. Cheng Xiang and Png Chin Yong (2008) designed IDS by combining the supervised tree classifiers and unsupervised Bayesian Clustering to detect intrusions.

Jiang Zhang (2006) proposed a new framework of unsupervised anomaly NIDS based on the outlier detection technique in random forests algorithm. The framework builds the patterns of network services over datasets labeled by the services. With the built in patterns, the framework detects attacks in the datasets using the outlier detection algorithm. This approach reduced the time complexity and cost of memory to a larger extent.

Giacinto at al (2007) took a slightly different approach. Their anomaly IDS was based on modular multiple classifier system where each module was designed for each group of protocols and services. The reported results showed that this approach provides a better trade-off between generalization abilities and false alarm generation than that provided by an individual classifier trained on the overall feature set. MrudulaGudadhe and Prakash (2010) have demonstrated a new ensemble boosted decision tree for intrusion detection system. The underlying idea of this approach is to combine simple rules to form an ensemble such that the performance of the single ensemble is improved.

Yongiin Liu et al (2010) constructed a classifier by using a decision tree as its base learner. The classification accuracy this algorithm is little better than SOM algorithms. Weiming Hu (2008) has proposed an adaboost based algorithm for network intrusion detection which uses decision stump as a weak learner. The decision rules are provided for both categorical and continuous features and some provision was made for handling the overfitting.