Intrusion detection can be essentially regarded as a classification problem,namely,dis-tinguishing normal profiles from intrusive behaviors. This paper introduces boosting classification algorithm into the area of int...Intrusion detection can be essentially regarded as a classification problem,namely,dis-tinguishing normal profiles from intrusive behaviors. This paper introduces boosting classification algorithm into the area of intrusion detection to learn attack signatures. Decision tree algorithm is used as simple base learner of boosting algorithm. Furthermore,this paper employs the Principle Com-ponent Analysis (PCA) approach,an effective data reduction approach,to extract the key attribute set from the original high-dimensional network traffic data. KDD CUP 99 data set is used in these ex-periments to demonstrate that boosting algorithm can greatly improve the classification accuracy of weak learners by combining a number of simple “weak learners”. In our experiments,the error rate of training phase of boosting algorithm is reduced from 30.2% to 8% after 10 iterations. Besides,this paper also compares boosting algorithm with Support Vector Machine (SVM) algorithm and shows that the classification accuracy of boosting algorithm is little better than SVM algorithm’s. However,the generalization ability of SVM algorithm is better than boosting algorithm.展开更多
基金National High-tech R&D Program of China (2003AA142060)National Basic Research Program of China (2001CB09403).
文摘Intrusion detection can be essentially regarded as a classification problem,namely,dis-tinguishing normal profiles from intrusive behaviors. This paper introduces boosting classification algorithm into the area of intrusion detection to learn attack signatures. Decision tree algorithm is used as simple base learner of boosting algorithm. Furthermore,this paper employs the Principle Com-ponent Analysis (PCA) approach,an effective data reduction approach,to extract the key attribute set from the original high-dimensional network traffic data. KDD CUP 99 data set is used in these ex-periments to demonstrate that boosting algorithm can greatly improve the classification accuracy of weak learners by combining a number of simple “weak learners”. In our experiments,the error rate of training phase of boosting algorithm is reduced from 30.2% to 8% after 10 iterations. Besides,this paper also compares boosting algorithm with Support Vector Machine (SVM) algorithm and shows that the classification accuracy of boosting algorithm is little better than SVM algorithm’s. However,the generalization ability of SVM algorithm is better than boosting algorithm.
