
About intrusion detection in computer networks and computational systems: a pruning proposal to reduce computational cost and gain performance using ensemble learning

Bibliographic Details
Main Author: Lucas, Thiago José
Publication Date: 2023
Format: Doctoral thesis
Language: eng
Source: Repositório Institucional da UNESP
Download full: http://hdl.handle.net/11449/243763
Summary: Maintaining Confidentiality, Integrity, and Availability requirements is a very relevant challenge for companies, governments, and corporations concerning the security of their information. Attacks on computer networks and systems have been intensifying recently, becoming more recurrent and sophisticated. Intrusion Detection Systems (IDS) are responsible for analyzing network traffic or operating systems' behavior to detect anomalous behavior and block attacks. Traditional IDS, however, have difficulty detecting more complex attack patterns, as their detection methods (by anomaly or by signature) are old and modern attacks are robust and heterogeneous. In this sense, the area of artificial intelligence, with emphasis on the field of machine learning, delivers classification algorithms capable of recognizing complex patterns, thus allowing the construction of intelligent IDS that make fewer mistakes. The field of machine learning can also combine different classifiers (ensemble learning) focused on solving the same problem, which increases the rate of correct classifications but brings a common problem: high computational cost. This doctoral thesis is organized as a "compilation of articles" and presents a way to estimate the best classifiers to compose an ensemble based on the diversity between them. This choice made it possible to find a more acceptable and less costly way to create an IDS based on ensemble learning that could decrease classification errors while reducing the computational cost. The materials and methods were chosen based on the state of the art for the area, obtained through a comprehensive systematic review of the literature, and the experiments were carried out on the five most relevant intrusion datasets, using the "stacking" ensemble method and the four supervised classifiers most common to the area. The results obtained are organized in the articles of this compilation and demonstrate that pruning for diversity solves the problem stipulated in this thesis: a reduction in computational cost and an increase in correctly classified attacks.
Contributors: Costa, Kelton Augusto Pontara da [UNESP]; Universidade Estadual Paulista (Unesp)
Subjects: Machine learning; Ensemble learning; Intrusion detection system; Computers network
Dates: 2023-05-19; 2023-05-29T19:19:42Z
Status: published version
Identifier: 33004153073P2
Rights: open access
File format: application/pdf
Publisher: Universidade Estadual Paulista (Unesp)
Repository: Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)
Repository contact: repositoriounesp@unesp.br