Study On The Network Intrusion Detection Approach Based On Multiple Classifiers Combination

The security of computer networks plays a strategic role in modern computer systems. Network Intrusion Detection System (NIDS) is a software system deployed inside the computer network. It can detect the known or potential threats in network traffic.Detecting novel attacks is difficult in real applications. People apply pattern recognition approaches to research the intrusion detection. Pattern recognition techniques have been extensively evaluated on the sample data set of network traffic since the KDD'99 conference. The results pointed out that it is feasible to apply the pattern recognition approaches for NIDS. However, the NIDS by pattern recognition algorithms has a high false alarm rate in operational environments. Multiple classifiers combination can achieve more accurate classification than the best single classifier. This paper researches the network intrusion detection technique by applying pattern recognition approaches based on multiple classifiers combination.There are two strategies for multiple classifiers combination: multiple classifiers fusion and multiple classifiers selection. Firstly, according to fixedfusion rules, classfication and clustering analysis algorithms, this paper presents an effective network intrusion detection approach based on multiple classifiers fusion. Secondly, two network intrusion detection approaches based on multiple classifiers selection are proposed. One is based on static classifier selection, which reduces the error of static selection and improved the detection performance by partitioning every cluster area with a new method; The other is based on dynamic classifier selection, which reduces the requirement of computational resources and increases classification speed by adding the training procedure and evaluating the performance of classifier statically in order to attain the real-time level of network intrusion detection. Finally, a mechanism to integrate multiple classifiers selection and multiple classifiers fusion is proposed. Integrated approach is better than each approach and has a more widely application area.The experiment results show the presented approaches can achieve good detection performance and can remarkably reduce errors and false alarms in network intrusion detection. By applying these approaches, we can design high-performance NIDS based on pattern recognition.