Abstract
Intrusion detection can essentially be regarded as a classification problem, namely, distinguishing normal profiles from intrusive behaviors. This paper introduces the boosting classification algorithm into the area of intrusion detection to learn attack signatures. A decision tree algorithm is used as the simple base learner of the boosting algorithm. Furthermore, this paper employs Principal Component Analysis (PCA), an effective data reduction approach, to extract the key attribute set from the original high-dimensional network traffic data. The KDD CUP 99 data set is used in these experiments to demonstrate that the boosting algorithm can greatly improve classification accuracy by combining a number of simple "weak learners". In our experiments, the error rate of the training phase of the boosting algorithm is reduced from 30.2% to 8% after 10 iterations. In addition, this paper compares the boosting algorithm with the Support Vector Machine (SVM) algorithm and shows that the classification accuracy of the boosting algorithm is slightly better than that of the SVM algorithm. However, the generalization ability of the SVM algorithm is better than that of the boosting algorithm.
| Original language | English |
|---|---|
| Pages (from-to) | 369-373 |
| Number of pages | 5 |
| Journal | Journal of Electronics |
| Volume | 24 |
| Issue number | 3 |
| State | Published - May 2007 |
Keywords
- Boosting algorithm
- Decision tree
- Intrusion Detection System (IDS)
- Machine learning
- Network security
- Support Vector Machine (SVM)
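
The boosting step summarized in the abstract, as an added example that is not code from the paper: depth-1 decision trees (stumps) are combined by reweighting the records each round misclassifies. AdaBoost is assumed as the boosting variant (the abstract does not name one), the PCA step is omitted, and the ten records are constructed toy data, not KDD CUP 99.

```python
import math

# Constructed toy data (not KDD CUP 99): one numeric feature per connection
# record; +1 = intrusive, -1 = normal. The intrusive band 3..6 cannot be
# isolated by any single threshold, so one stump is a weak learner here.
X = [(v,) for v in range(10)]
Y = [1 if 3 <= v <= 6 else -1 for v in range(10)]

def stump_predict(stump, x):
    """Depth-1 tree: predict `sign` when x[feat] >= thresh, else -sign."""
    feat, thresh, sign = stump
    return sign if x[feat] >= thresh else -sign

def best_stump(X, Y, w):
    """Exhaustively pick the stump with the lowest weighted error."""
    best, best_err = None, float("inf")
    for feat in range(len(X[0])):
        for thresh in sorted({x[feat] for x in X}):
            for sign in (1, -1):
                stump = (feat, thresh, sign)
                err = sum(wi for xi, yi, wi in zip(X, Y, w)
                          if stump_predict(stump, xi) != yi)
                if err < best_err:
                    best, best_err = stump, err
    return best, best_err

def ensemble_predict(ensemble, x):
    """Weighted vote of all stumps learned so far."""
    score = sum(alpha * stump_predict(s, x) for alpha, s in ensemble)
    return 1 if score >= 0 else -1

def adaboost(X, Y, rounds):
    """Return (ensemble, training error rate after each round)."""
    n = len(X)
    w = [1.0 / n] * n                      # start with uniform weights
    ensemble, errors = [], []
    for _ in range(rounds):
        stump, err = best_stump(X, Y, w)
        err = min(max(err, 1e-10), 1 - 1e-10)   # avoid log(0)
        alpha = 0.5 * math.log((1 - err) / err)
        ensemble.append((alpha, stump))
        # Raise the weight of misclassified records, lower the rest.
        w = [wi * math.exp(-alpha * yi * stump_predict(stump, xi))
             for xi, yi, wi in zip(X, Y, w)]
        total = sum(w)
        w = [wi / total for wi in w]
        errors.append(sum(ensemble_predict(ensemble, xi) != yi
                          for xi, yi in zip(X, Y)) / n)
    return ensemble, errors
```

On this toy set `adaboost(X, Y, 3)` yields training error rates of 0.3, 0.3 and 0.0: no single stump gets below 30% error, while the weighted vote of three stumps classifies every record correctly.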