A Behavior-Based Intrusion Detection System Using Ensemble Learning Techniques

Agate V.; D'Anna F. M.; De Paola A.; Ferraro P.; Lo Re G.; Morana M.
2022-01-01

Abstract

Intrusion Detection Systems (IDSs) play a key role in modern ICT security. Attacks detected and reported by IDSs are often analyzed by administrators who are tasked with countering the attack and minimizing its damage. Consequently, it is important that the alerts generated by the IDS are as detailed as possible. In this paper, we present a multi-layered behavior-based IDS using ensemble learning techniques for the classification of network attacks. Three widely adopted and appreciated models, i.e., Decision Trees, Random Forests, and Artificial Neural Networks, have been chosen to build the ensemble. To reduce the system response time, our solution is designed to immediately filter out traffic detected as benign without further analysis, while suspicious events are investigated to achieve a more fine-grained classification. Experimental evaluation performed on the CIC-IDS2017 public dataset shows that the system is able to detect nine categories of attacks with high performance, according to all the considered metrics.
Sector ING-INF/05 - Information Processing Systems
https://ceur-ws.org/Vol-3260/paper15.pdf
Agate V., D'Anna F.M., De Paola A., Ferraro P., Lo Re G., Morana M. (2022). A Behavior-Based Intrusion Detection System Using Ensemble Learning Techniques. In Proceedings of the Italian Conference on Cybersecurity (ITASEC 2022) (pp. 207-218).
Files in this item:
TOC_preface_paper_ITASEC2022.pdf (open access)
Description: TOC + preface + paper
Type: Publisher's version
Size: 1.05 MB
Format: Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/10447/576368