Multiple classifier systems for network security: from data collection to attack detection.

Since the Internet started developing, hosts and provided services have always been targeted with attacks trying to disrupt them. Trends show that, throughout the years, the number of hosts, as well as the degree of dependency of the whole society on the services provided through the Internet, increased dramatically, whereas the skills and knowledge required to interfere with normal network operation, and eventually to abruptly interrupt it, decreased accordingly. This considerations urge the requirement for effective tools, aimed at granting security to Internet users. The need for systems capable of detecting attacks, and reacting in order to prevent them from occurring again, is nowadays undeniable. In this thesis we propose methods based on multiple classifier systems for intrusion detection. We use such systems for automated data collection, also taking privacy issues into account. Some approaches to traffic classification are presented too, together with a proposal for the practical deployment of multiple classifiers in a real network environment.