Malak Alshawabkeh
David Kaeli
ABSTRACT
Intrusion detection is one of the high priority and challenging tasks in many technologies, particularly, in virtualization technology. There is a need to safeguard these systems from known vulnerabilities and at the same time take steps to detect new and unseen, but possible, system abuses by developing more reliable and efficient intrusion detection systems.
In this correspondence, we propose a machine learning based intrusion detection algorithm based on Enhanced Boosting with Decision Stumps algorithm to detect various categories of attacks utilizing information embedded within the virtual machine monitor (VMM) level. In the algorithm, decision stumps are used as weak classifiers. The decision rules are provided for different types of features. By combining the weak classifiers for the heterogeneous mixture features types into a strong classifier, the relations between these features are handled naturally, without any forced conversions between them. Moreover, adjustable initial weights based on the area under the ROC curve (AUC) are adopted to make a tradeoff between the false-alarm and detection rates. Experimental results show that our algorithm has low computational complexity and error rates as tested on real malwares.
- M. Alshawabkeh, M. Moffie, F. Azamandian, J. A. Aslam, J. G. Dy, and D. Kaeli. Effective virtual machine monitor intrusion detection using feature selection on highly imbalanced data. In The ninth International Conference on Machine Learning and Applications (ICMLA), pages 823--825, 2010. Google Scholar
Digital Library
- The Apache Software Foundation. ab - Apache HTTP server benchmarking tool. http://www.apache.org/.Google Scholar
- Y. Freund and R. Schapire. Experiments with a new boosting algorithm. In Machine Learning: Proceedings of the Thirteenth International Conference, pages 148--156, 1996.Google ScholarDigital Library
- Innotek. Innotek virtualbox. http://www.virtualbox.org/, 2010.Google Scholar
- P. Long and R. Servedio. Boosting the area under the roc curve. In NIPS, 2007.Google ScholarDigital Library
- Malfease. Project malfease. https://malfease.oarci.net/.Google Scholar
- E. Schapire, Y. Freund, P. Bartlett, and W. Lee. Boosting the margin: A new explanation for the effectiveness of voting methods. Ann. Stat., 26(5):1651--1686, 1998.Google ScholarCross Ref
- P. Silapachote, D. Karuppiah, and A. Hanson. Feature selection using adaboost for face expression recognistion. Proceedings of the Fourth IASTED International Conference on Visualization, Imaging, and Imag Processing, pages 84--89, 2004.Google Scholar
- Transaction Processing Performance Council TPC. TPC-C, an on-line transaction processing benchmark. http://www.tpc.org/.Google Scholar
- I. Witten and E. Frank. Data Mining: Practical Machine Learning Tools and Techniques. second edition, 2005. Google ScholarDigital Library
- Z. Zheng, X. Wu, and R. Srihari. Feature selection for text categorization on imbalanced data. SIGKDD Explor. Newsl., 6(1):80--89, 2004. Google ScholarDigital Library
Index Terms
- Enhanced boosting-based algorithm for intrusion detection in virtual machine environments
Recommendations
Comparison of ensemble learning methods applied to network intrusion detection
ICC '17: Proceedings of the Second International Conference on Internet of things, Data and Cloud ComputingThis paper investigates the possibility of using ensemble learning methods to improve the performance of intrusion detection systems. We compare an ensemble of three ensemble learning methods, boosting, bagging and stacking in order to improve the ...
Effective Virtual Machine Monitor Intrusion Detection Using Feature Selection on Highly Imbalanced Data
ICMLA '10: Proceedings of the 2010 Ninth International Conference on Machine Learning and ApplicationsVirtualization is becoming an increasingly popular service hosting platform. Recently, intrusion detection systems (IDSs) which utilize virtualization have been introduced. One particular challenge present in current virtualization-based IDS systems is ...
Application of bagging, boosting and stacking to intrusion detection
MLDM'12: Proceedings of the 8th international conference on Machine Learning and Data Mining in Pattern RecognitionThis paper investigates the possibility of using ensemble algorithms to improve the performance of network intrusion detection systems. We use an ensemble of three different methods, bagging, boosting and stacking, in order to improve the accuracy and ...
Comments