A serial multi-stage classification system for intrusion detection in computer networks is proposed. The whole decision process is organized into successive stages, each one using a set of features tailored for recognizing a specific attack category. All the stages employ suitable criteria for estimating the reliability of the performed classification, so that, in case of uncertainty, information related to a possible attack is only logged for further processing, without raising an alert for the system manager. This reduces the number of false alarms. On the other hand, to keep the number of missed detections low, the proposed system declares a connection as normal traffic only if none of the stages detects an attack. The proposed multi-stage intrusion detection system has been tested on three different services (http, telnet and ftp) of a standard database used for benchmarking intrusion detection systems, and also on real network traffic data. The experimental analysis highlights the effectiveness of the approach: the proposed system behaves significantly better than other multiple classifier systems that perform classification in a single stage.

A Multi-Stage Classification System for Detecting Intrusions in Computer Networks / Cordella, Luigi Pietro; Sansone, Carlo. - In: Pattern Analysis and Applications. - ISSN 1433-7541. - Print. - 10:2 (2007), pp. 83-100. [10.1007/s10044-006-0053-7]

A Multi-Stage Classification System for Detecting Intrusions in Computer Networks

Cordella, Luigi Pietro; Sansone, Carlo
2007


Use this identifier to cite or link to this document: https://hdl.handle.net/11588/200841