Network Intrusion Detection by Combining One-Class Classifiers

  • Giorgio Giacinto
  • Roberto Perdisci
  • Fabio Roli
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3617)


Intrusion Detection Systems (IDSs) play an essential role in today’s network security infrastructures. Their main aim is in finding out traces of intrusion attempts alerting the network administrator as soon as possible, so that she can take suitable countermeasures. In this paper we propose a misuse-based Network Intrusion Detection architecture in which we combine multiple one-class classifiers. Each one-class classifier is trained in order to discriminate between a specific attack and all other traffic patterns. As attacks can be grouped in classes according to a taxonomy, for each attack class a number of one-class classifiers are trained, each one specialized to a specific attack. The proposed multiple classifier architecture combine the outputs of one class classifiers to attain an IDS based on generalized attack signatures. The aim is in labelling a pattern either as normal or as belonging to one of the attack classes according to the adopted taxonomy. The potentials and effectiveness of the proposed approach are analysed and discussed.


Computer Security Pattern Recognition 


  1. 1.
    Axelsson, S.: A preliminary attempt to apply detection and estimation theory to intrusion detection. Technical report, Dept. of Computer Engineering, Chalmers Univerity of Technology, Sweden (March 2000)Google Scholar
  2. 2.
    McHugh, J.: Intrusion and Intrusion Detection. International Journal of Information Security 1(1), 14–35 (2001)zbMATHGoogle Scholar
  3. 3.
    Giacinto, G., Roli, F., Didaci, L.: Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recognition Letters 24(12), 1795–1803 (2003)CrossRefGoogle Scholar
  4. 4.
    Ryan, J., Lin, M.J., Miikkulainen, R.: Intrusion Detection with Neural Networks. In: Jordan, M., et al. (eds.) Advances in Neural Information Processing Systems 10, pp. 943–949. MIT Press, Cambridge (1998)Google Scholar
  5. 5.
    Cordella, Limongiello, Sansone: Network Intrusion Detection by a Multi-Stage Classification System. In: Roli, F., Kittler, J., Windeatt, T. (eds.) MCS 2004. LNCS, vol. 3077, pp. 324–333. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Weber, D.: A Taxonomy of Computer Intrusions. Master’s thesis Massachussets Institute of Technology (1998)Google Scholar
  7. 7.
    Kendall, K.: A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems. Master s thesis, Massachussets Institute of Technology (1999)Google Scholar
  8. 8.
  9. 9.
    Northcutt, S., Novak, J.: Network Intrusion Detection, 2nd edn. New Riders Pub. (2001)Google Scholar
  10. 10.
    Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Trans. on Inform. and System Security 3(4), 227–261 (2000)CrossRefGoogle Scholar
  11. 11.
    Tax, D.: One-class classification. PhD thesis, Technische Universiteit Delft (2001)Google Scholar
  12. 12.
    Kuncheva, L.I.: Combining Pattern Classifiers: Methods and Algorithms. Wiley, Chichester (2004)zbMATHCrossRefGoogle Scholar
  13. 13.
    Elkan, C.: Results of the KDD 99 Classifier Learning. ACM SIGKDD Explorations 1(2), 63–64 (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Giorgio Giacinto
    • 1
  • Roberto Perdisci
    • 1
  • Fabio Roli
    • 1
  1. 1.Department of Electrical and Electronic EngineeringUniversity of CagliariCagliariItaly

Personalised recommendations