Ensemble-Distributed Approach in Classification Problem Solution for Intrusion Detection Systems

摘要

Network activity has become an essential part of daily life of almost any individual or company. At the same time the number of various network threats and attacks in private and corporate networks is constantly increasing. Therefore, the development of effective methods of intrusion detection is an urgent problem nowadays. In the paper the basic scheme and main steps of the novel ensemble-distributed approach are proposed. This approach can be used to solve a wide range of classification problems. Its scheme is well suited for the problem of intrusion detection in computer networks. Unlike traditional ensemble approaches the proposed approach provides partial obtaining of adaptive solutions by individual classifiers without an ensemble classifier. The proposed approach has been used to solve some test problems. The results are presented in the article. The approach was also tested on a data set KDD Cup '99 and the results confirm the high efficiency of the proposed scheme of ensemble-distributed classification. In comparison with the traditional approaches for distributed intrusion detection systems there is a significant reduction (about 10%) of information flows between distributed individual classifiers and a centralized ensemble classifier. Possible ways of approach improving and possible applications of the proposed collective-distributed scheme are presented in the final part of the article.