Applied Computational Intelligence and Soft Computing
Volume 2012 (2012), Article ID 850160, 20 pages
http://dx.doi.org/10.1155/2012/850160
Review Article

The Use of Artificial-Intelligence-Based Ensembles for Intrusion Detection: A Review

1Department of Computer Application, Shaheed Bhagat Singh State Technical Campus, Ferozepur, Punjab 152004, India
2Department of Computer Science & Engineering, Punjab Institute of Technology, Kapurthala, Punjab 144601, India

Received 4 April 2012; Accepted 11 July 2012

Academic Editor: Farid Melgani

Copyright © 2012 Gulshan Kumar and Krishan Kumar. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. J. McCumber, “Information system security: a comprehensive model,” in Proceedings of the 14th National Computer Security Conference, Baltimore, Md, USA, 1991.
  2. W. Khreich, E. Granger, A. Miri, and R. Sabourin, “Iterative Boolean combination of classifiers in the ROC space: an application to anomaly detection with HMMs,” Pattern Recognition, vol. 43, no. 8, pp. 2732–2752, 2010.
  3. I. Corona, G. Giacinto, C. Mazzariello, F. Roli, and C. Sansone, “Information fusion for computer security: state of the art and open issues,” Information Fusion, vol. 10, no. 4, pp. 274–284, 2009.
  4. S. Axelsson, “Research in intrusion detection system—a survey,” Tech. Rep. CMU/SEI, 1999.
  5. G. Kumar, K. Kumar, and M. Sachdeva, “The use of artificial intelligence based techniques for intrusion detection—a review,” Artificial Intelligence Review, vol. 34, no. 4, pp. 369–387, 2010.
  6. C. Kruegel, F. Valeur, and G. Vigna, Intrusion Detection and Correlation, Challenges and Solution, Advances in Information Security, Springer, 2005.
  7. R. Caruana and A. Niculescu-Mizil, “Data mining in metric space: an empirical analysis of supervised learning performance criteria,” in Proceedings of the 10th ACM SIGMOD International Conference on Knowledge Discovery and Data Mining (KDD-2004), pp. 69–78, ACM Press, August 2004.
  8. G. Kumar and K. Kumar, “AI based supervised classifiers an analysis for intrusion detection,” in Proceedings of the International Conference on Advances in Computing and Artificial Intelligence (ACAI '11), pp. 170–174, ACM Digital Library, Chitkara, India, July 2011.
  9. J. W. Haines, R. P. Lippmann, D. J. Fried, E. Tran, S. Boswell, and M. A. Zissman, “DARPA intrusion detection system evaluation: design and procedures,” Tech. Rep., MIT Lincoln Laboratory, 1999.
  10. KDDCup, “The Third International Knowledge Discovery and Data Mining Tools Competition,” 1999, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
  11. UNM dataset, http://www.cs.unm.edu/immsec/systemcalls.htm.
  12. DEFCON 9, http://ictf.cs.ucsb.edu/data/defcon_ctf_09/.
  13. ITOC dataset, http://www.itoc.usma.edu/research/dataset/.
  14. J. McHugh, “Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln laboratory,” ACM Transactions on Information and System Security, vol. 3-4, pp. 262–294, 2000.
  15. G. Kumar, K. Kumar, and M. Sachdeva, “An empirical comparative analysis of feature reduction methods for intrusion detection,” International Journal of Information and Telecommunication, vol. 1, pp. 44–51, 2010.
  16. G. Kumar and K. Kumar, “An information theoretic approach for feature selection,” Security and Communication Networks, vol. 5, pp. 178–185, 2012.
  17. K. Julisch, “Clustering intrusion detection alarms to support root cause analysis,” ACM Transactions on Information and System Security, vol. 6, no. 4, pp. 443–471, 2003.
  18. H. Debar and A. Wespi, “Aggregation and correlation of intrusion-detection alerts, recent advances in intrusion detection,” Lecture Notes in Computer Science, vol. 2212, pp. 85–103, 2001.
  19. A. Patcha and J. M. Park, “An overview of anomaly detection techniques: existing solutions and latest technological trends,” Computer Networks, vol. 51, no. 12, pp. 3448–3470, 2007.
  20. P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, “Anomaly-based network intrusion detection: techniques, systems and challenges,” Computers & Security, vol. 28, no. 1-2, pp. 18–28, 2009.
  21. M. C. Ponce, “Intrusion detection system with artificial intelligence,” in Proceedings of the FIST Conference, Universidad Pontificia Comillas de Madrid, 2004, edition: 1/28.
  22. L. Didaci, G. Giacinto, and F. Roli, “Ensemble learning for intrusion detection in computer networks,” in Proceedings of the 8th Conference of the Italian Association of Artificial Intelligence (AIAA '02), Siena, Italy, 2002.
  23. M. Sabhnani and G. Serpen, “Application of machine learning algorithms to KDD intrusion detection dataset within misuse detection context,” in Proceedings of the International Conference on Machine Learning; Models, Technologies and Applications (MLMTA '03), pp. 209–215, June 2003.
  24. M. Panda and M. R. Patra, “A comparative study of data mining algorithms for network intrusion detection,” in Proceedings of the 1st International Conference on Emerging Trends in Engineering and Technology (ICETET '08), pp. 504–507, IEEE Computer Society, July 2008.
  25. T. G. Dietterich, “Ensemble methods in machine learning,” in Proceedings of the Multiple Classifier Systems. First International Workshop (MCS '00), J. Kittler and F. Roli, Eds., vol. 1857 of Lecture Notes in Computer Science, pp. 1–15, Cagliari, Italy, 2000.
  26. A. K. Jain, R. P. W. Duin, and J. Mao, “Statistical pattern recognition: a review,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 22, no. 1, pp. 4–37, 2000.
  27. S. Mukkamala, A. H. Sung, and A. Abraham, “Intrusion detection using an ensemble of intelligent paradigms,” Journal of Network and Computer Applications, vol. 28, no. 2, pp. 167–182, 2005.
  28. S. Chebrolu, A. Abraham, and J. P. Thomas, “Feature deduction and ensemble design of intrusion detection systems,” Computers and Security, vol. 24, no. 4, pp. 295–307, 2005.
  29. S. Peddabachigari, A. Abraham, C. Grosan, and J. Thomas, “Modeling intrusion detection system using hybrid intelligent systems,” Journal of Network and Computer Applications, vol. 30, no. 1, pp. 114–132, 2007.
  30. M. Govindarajan and R. M. Chandrasekaran, “Intrusion detection using neural based hybrid classification methods,” Computer Networks, vol. 55, no. 8, pp. 1662–1671, 2011.
  31. C. Langin and S. Rahimi, “Soft computing in intrusion detection: the state of the art,” Journal of Ambient Intelligence and Humanized Computing, vol. 1, no. 2, pp. 133–145, 2010.
  32. G. Wang, H. Jinxing, M. Jian, and H. Lihua, “A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering,” Expert Systems with Applications, vol. 37, no. 9, pp. 6225–6232, 2010.
  33. V. Engen, Machine learning for network based intrusion detection [Ph.D. thesis], Bournemouth University, June 2010.
  34. G. D. Guvenir, “Classification by voting feature intervals,” in Proceedings of the European Conference on Machine Learning, pp. 85–92, 1997.
  35. A. Zainal, M. A. Maarof, and S. M. Shamsuddin, “Ensemble classifiers for network intrusion detection system,” Journal of Information Assurance and Security, vol. 4, pp. 217–225, 2009.
  36. C. Xiang, P. C. Yong, and L. S. Meng, “Design of multiple-level hybrid classifier for intrusion detection system using Bayesian clustering and decision trees,” Pattern Recognition Letters, vol. 29, no. 7, pp. 918–924, 2008.
  37. N. B. Anuar, H. Sallehudin, A. Gani, and O. Zakari, “Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree,” Malaysian Journal of Computer Science, vol. 21, no. 2, pp. 101–115, 2008.
  38. F. Gharibian and A. A. Ghorbani, “Comparative study of supervised machine learning techniques for intrusion detection,” in Proceedings of the 5th Annual Conference on Communication Networks and Services Research (CNSR '07), pp. 350–358, Washington, DC, USA, May 2007.
  39. A. N. Toosi and M. Kahani, “A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers,” Computer Communications, vol. 30, no. 10, pp. 2201–2212, 2007.
  40. L. Khan, M. Awad, and B. Thuraisingham, “A new intrusion detection system using support vector machines and hierarchical clustering,” The International Journal on Very Large Data Bases, vol. 16, no. 4, pp. 507–521, 2007.
  41. Y. Chen, A. Abraham, and B. Yang, “Hybrid flexible neural-tree-based intrusion detection systems,” International Journal of Intelligent Systems, vol. 22, no. 4, pp. 337–352, 2007.
  42. T. S. Hwang, T.-J. Lee, and Y.-J. Lee, “A three-tier IDS via data mining approach,” in Proceedings of the 3rd Annual ACM Workshop on Mining Network Data (MineNet '07), pp. 1–6, June 2007.
  43. A. Abraham and J. Thomas, “Distributed intrusion detection systems: a computational intelligence approach,” in Applications of Information Systems to Homeland Security and Defense, H. Abbass and D. Essam, Eds., pp. 105–135, Idea Group, New York, NY, USA, 2005, chapter 5.
  44. Z. S. Pan, S. C. Chen, G. B. Hu, and D. Q. Zhang, “Hybrid neural network and C4.5 for misuse detection,” in Proceedings of the International Conference on Machine Learning and Cybernetics, pp. 2463–2467, November 2003.
  45. G. Giacinto and F. Roli, “An approach to the automatic design of multiple classifier systems,” Pattern Recognition Letters, vol. 22, no. 1, pp. 25–33, 2001.
  46. L. I. Kuncheva, Combining Pattern Classifiers: Methods and Algorithms, Wiley-Interscience, New York, NY, USA, 2004.
  47. G. Brown, J. Wyatt, R. Harris, and X. Yao, “Diversity creation methods: a survey and categorisation,” Journal of Information Fusion, vol. 6, no. 1, pp. 5–20, 2005.
  48. L. K. Hansen and P. Salamon, “Neural network ensembles,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 12, no. 10, pp. 993–1001, 1990.
  49. E. K. Tang, P. N. Suganthan, and X. Yao, “An analysis of diversity measures,” Machine Learning, vol. 65, no. 1, pp. 247–271, 2006.
  50. L. I. Kuncheva and C. J. Whitaker, “Measures of diversity in classifier ensembles and their relationship with the ensemble accuracy,” Machine Learning, vol. 51, no. 2, pp. 181–207, 2003.
  51. W. Leigh, R. Purvis, and J. M. Ragusa, “Forecasting the NYSE composite index with technical analysis, pattern recognizer, neural network, and genetic algorithm: a case study in romantic decision support,” Decision Support Systems, vol. 32, no. 4, pp. 361–377, 2002.
  52. A. C. Tan, D. Gilbert, and Y. Deville, “Multi-class protein fold classification using a New Ensemble Machine Learning Approach,” Genome Informatics, vol. 14, pp. 206–217, 2003.
  53. P. Mangiameli, D. West, and R. Rampal, “Model selection for medical diagnosis decision support systems,” Decision Support Systems, vol. 36, no. 3, pp. 247–259, 2004.
  54. R. Moskovitch, Y. Elovici, and L. Rokach, “Detection of unknown computer worms based on behavioral classification of the host,” Computational Statistics and Data Analysis, vol. 52, no. 9, pp. 4544–4566, 2008.
  55. R. P. W. Duin, “The combining classifier: to train or not to train?” in Proceedings of 16th International Conference on Pattern Recognition (ICPR' 02), pp. 765–770, Quebec City, Canada, 2002.
  56. E. Bauer and R. Kohavi, “Empirical comparison of voting classification algorithms: bagging, boosting, and variants,” Machine Learning, vol. 36, no. 1, pp. 105–139, 1999.
  57. T. G. Dietterich, “An experimental comparison of three methods for constructing ensembles of decision trees: bagging, boosting, and randomization,” Machine Learning, vol. 40, no. 2, pp. 139–157, 2000.
  58. R. E. Banfield, L. O. Hall, K. W. Bowyer, and W. P. Kegelmeyer, “A comparison of decision tree ensemble creation techniques,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 1, pp. 173–180, 2007.
  59. E. L. Allwein, R. E. Schapire, and Y. Singer, “Reducing multiclass to binary: a unifying approach for margin classifiers,” Journal of Machine Learning Research, vol. 1, no. 2, pp. 113–141, 2001.
  60. E. M. Kleinberg, “On the algorithmic implementation of stochastic discrimination,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 22, no. 5, pp. 473–490, 2000.
  61. L. Breiman, “Bias, variance and arcing classifiers,” Tech. Rep. TR 460, Statistics Department, University of California, Berkeley, Calif, USA, 1996.
  62. R. Hu and R. I. Damper, “A “No Panacea Theorem” for classifier combination,” Pattern Recognition, vol. 41, no. 8, pp. 2665–2673, 2008.
  63. A. Sharkey, “Types of multinet systems,” in Multiple Classifier Systems, Third International Workshop (MCS '02), F. Roli and J. Kittler, Eds., vol. 2364 of Lecture Notes in Computer Science, pp. 108–117, 2002.
  64. L. Rokach, “Taxonomy for characterizing ensemble methods in classification tasks: a review and annotated bibliography,” Computational Statistics and Data Analysis, vol. 53, no. 12, pp. 4046–4072, 2009.
  65. M. S. Kamel and N. M. Wanas, “Data dependence in combining classifiers,” in Proceedings of 4th International Workshop on Multiple Classifier Systems (MCS '03), T. Windeatt and F. Roli, Eds., vol. 2709 of Lecture Notes in Computer Science, pp. 1–14, Guildford, UK, 2003.
  66. I. H. Witten and E. Frank, Data Mining: Practical Machine Learning Tools and Techniques, The Morgan Kaufmann Series in Data Management Systems, Morgan Kaufmann, San Francisco, Calif, USA, 2nd edition, 2005.
  67. C. M. Bishop, Pattern Recognition and Machine Learning, Information Science and Statistics, Springer, New York, NY, USA, 2006.
  68. S. Marsland, Machine Learning: An Algorithmic Perspective, Chapman & Hall/CRC Machine Learning & Pattern Recognition, CRC Press, Boca Raton, Fla, USA, 2009.
  69. E. Alpaydin, Introduction to Machine Learning, Adaptive Computation and Machine Learning, The MIT Press, Cambridge, Mass, USA, 2nd edition, 2010.
  70. F. Kimura and M. Shridhar, “Handwritten numerical recognition based on multiple algorithms,” Pattern Recognition, vol. 24, no. 10, pp. 969–983, 1991.
  71. M. P. Perrone and L. N. Cooper, “When networks disagree: ensemble methods for hybrid neural networks,” in Artificial Neural Networks for Speech and Vision, R. J. Mammone, Ed., pp. 126–142, Chapman & Hall, London, UK, 1993.
  72. L. Lam and C. Y. Suen, “Application of majority voting to pattern recognition: an analysis of its behavior and performance,” IEEE Transactions on Systems, Man, and Cybernetics A, vol. 27, no. 5, pp. 553–568, 1997.
  73. L. Xu, A. Krzyzak, and C. Y. Suen, “Methods of combining multiple classifiers and their applications to handwriting recognition,” IEEE Transactions on Systems, Man and Cybernetics, vol. 22, no. 3, pp. 418–435, 1992.
  74. P. Domingos and M. Pazzani, “On the optimality of the simple Bayesian classifier under zero-one loss,” Machine Learning, vol. 29, no. 2-3, pp. 103–130, 1997.
  75. R. O. Duda, P. E. Hart, and D. G. Stork, Pattern Classification, John Wiley & Sons, New York, NY, USA, 2nd edition, 2001.
  76. S. B. Cho and J. H. Kim, “Combining multiple neural networks by fuzzy integral for robust classification,” IEEE Transactions on Systems, Man and Cybernetics, vol. 25, no. 2, pp. 380–384, 1995.
  77. A. Verikas, A. Lipnickas, K. Malmqvist, M. Bacauskiene, and A. Gelzinis, “Soft combination of neural classifiers: a comparative study,” Pattern Recognition Letters, vol. 20, no. 4, pp. 429–444, 1999.
  78. M. Re and G. Valentini, “Integration of heterogeneous data sources for gene function prediction using decision templates and ensembles of learning machines,” Neurocomputing, vol. 73, no. 7–9, pp. 1533–1537, 2010.
  79. D. H. Wolpert, “Stacked generalization,” Neural Networks, vol. 5, no. 2, pp. 241–259, 1992.
  80. P. K. Chan and S. J. Stolfo, “On the accuracy of meta-learning for scalable data mining,” Journal of Intelligent Information Systems, vol. 8, no. 1, pp. 5–28, 1997.
  81. T. Hothorn and B. Lausen, “Bundling classifiers by bagging trees,” Computational Statistics and Data Analysis, vol. 49, no. 4, pp. 1068–1078, 2005.
  82. Y. Guan, C. L. Myers, D. C. Hess, Z. Barutcuoglu, A. A. Caudy, and O. G. Troyanskaya, “Predicting gene function in a hierarchical context with an ensemble of classifiers,” Genome Biology, vol. 9, supplement 1, article S3, 2008.
  83. G. Obozinski, G. Lanckriet, C. Grant, M. I. Jordan, and W. S. Noble, “Consistent probabilistic outputs for protein function prediction,” Genome Biology, vol. 9, supplement 1, article S6, 2008.
  84. W. B. Langdon and B. F. Buxton, “Genetic programming for improved receiver operating characteristics,” in Proceedings of the 2nd International Conference on Multiple Classifier System, J. Kittler and F. Roli, Eds., pp. 68–77, Cambridge, UK, 2001.
  85. E. Alpaydin and C. Kaynak, “Cascading classifiers,” Kybernetika, vol. 34, no. 4, pp. 369–374, 1998.
  86. G. Giacinto and F. Roli, “Dynamic classifier fusion,” in Proceedings of the Multiple Classifier Systems. First International Workshop (MCS '00), J. Kittler and F. Roli, Eds., vol. 1857 of Lecture Notes in Computer Science, pp. 177–189, Springer, Cagliari, Italy, 2000.
  87. E. M. Dos Santos, R. Sabourin, and P. Maupin, “A dynamic overproduce-and-choose strategy for the selection of classifier ensembles,” Pattern Recognition, vol. 41, no. 10, pp. 2993–3009, 2008.
  88. R. Perdisci, G. Giacinto, and F. Roli, “Alarm clustering for intrusion detection systems in computer networks,” Engineering Applications of Artificial Intelligence, vol. 19, no. 4, pp. 429–438, 2006.
  89. G. Tsoumakas, L. Angelis, and I. Vlahavas, “Selective fusion of heterogeneous classifiers,” Intelligent Data Analysis, vol. 9, no. 6, pp. 511–525, 2005.
  90. R. A. Jacobs, “Methods for combining experts' probability assessments,” Neural Computation, vol. 7, no. 5, pp. 867–888, 1995.
  91. X. Yao and M. Md. Islam, “Evolving artificial neural network ensembles,” IEEE Computational Intelligence Magazine, vol. 3, pp. 31–42, 2008.
  92. M. Y. Su, K. C. Chang, H. F. Wei, and C. Y. Lin, “Feature weighting and selection for a real-time network intrusion detection system based on GA with KNN,” Intelligence and Security Informatics, vol. 5075, pp. 195–204, 2008.
  93. J. Xiao and H. Song, “A novel intrusion detection method based on adaptive resonance theory and principal component analysis,” in Proceedings of the International Conference on Communications and Mobile Computing (CMC '09), pp. 445–449, January 2009.
  94. R. Valentini, Ensemble Methods: A Review, CRC press, 2001.
  95. L. Breiman, “Random forests,” Machine Learning, vol. 45, no. 1, pp. 5–32, 2001.
  96. Y. Freund and R. E. Schapire, “Experiments with a new boosting algorithm,” in Proceedings of the 30th International Conference on Machine Learning, pp. 148–156, San Francisco, Calif, USA, 1996.
  97. R. Anand, K. Mehrotra, C. K. Mohan, and S. Ranka, “Efficient classification for multiclass problems using modular neural networks,” IEEE Transactions on Neural Networks, vol. 6, no. 1, pp. 117–124, 1995.
  98. T. Hastie and R. Tibshirani, “Classification by pairwise coupling,” The Annals of Statistics, vol. 26, no. 1, pp. 451–471, 1998.
  99. M. Moreira and E. Mayoraz, “Improved pairwise coupling classification with correcting classifiers,” in Proceedings of the 10th European Conference on Machine Learning, C. Nedellec and C. Rouveirol, Eds., vol. 1398 of Lecture Notes in Computer Science, pp. 160–171, Berlin, Germany, 1998.
  100. T. G. Dietterich and G. Bakiri, “Error-correcting output codes: a general method for improving multiclass inductive learning programs,” in Proceedings of the 9th AAAI National Conference on Artificial Intelligence, pp. 572–577, 1991.
  101. J. Zhou, H. Peng, and C. Y. Suen, “Data-driven decomposition for multi-class classification,” Pattern Recognition, vol. 41, no. 1, pp. 67–76, 2008.
  102. J. Friedman and P. Hall, “On bagging and nonlinear estimation,” Tech. Rep., Statistics Department, University of Stanford, Palo Alto, Calif, USA, 2000.
  103. L. I. Kuncheva, F. Roli, G. L. Marcialis, and C. A. Shipp, “Complexity of data subsets generated by the random subspace method: an experimental investigation,” in Multiple Classifier Systems. Second International Workshop (MCS '01), J. Kittler and F. Roli, Eds., pp. 349–358, Cambridge, UK, 2001.
  104. M. Sewell, “Ensemble Learning,” Research Note RN/11/02, UCL department of computer science, 2011.
  105. E. Mayoraz and M. Moreira, “On the decomposition of polychotomies into dichotomies,” in Proceedings of the XIV International Conference on Machine Learning, pp. 219–226, Nashville, Tenn, USA, July 1997.
  106. E. Menahem, L. Rokach, and Y. Elovici, “Troika—an improved stacking schema for classification tasks,” Information Sciences, vol. 179, no. 24, pp. 4097–4122, 2009.
  107. L. Breiman, “Arcing classifiers,” The Annals of Statistics, vol. 26, no. 3, pp. 801–849, 1998.
  108. G. Valentini, Ensemble methods based on bias-variance analysis [Ph.D. thesis], University of Genova, Genova, Italy, 2003.
  109. C. Kruegel, G. Vigna, and W. Robertson, “A multi-model approach to the detection of web-based attacks,” Computer Networks, vol. 48, no. 5, pp. 717–738, 2005.
  110. I. Corona, D. Ariu, and G. Giacinto, “HMM-web: a framework for the detection of attacks against web applications,” in Proceedings of the IEEE International Conference on Communications (ICC '09), June 2009.
  111. Y. Yan and H. Hao, “An ensemble approach to intrusion detection based on improved multi-objective genetic algorithm,” Journal of Software, vol. 18, no. 6, pp. 1369–1378, 2007.
  112. W. M. Hu, W. Hu, and S. Maybank, “AdaBoost-based algorithm for network intrusion detection,” IEEE Transactions on Systems, Man, and Cybernetics B, vol. 38, no. 2, pp. 577–583, 2008.
  113. G. F. Cretu, A. Stavrou, M. E. Locasto, S. J. Stolfo, and A. D. Keromytis, “Casting out demons: sanitizing training data for anomaly sensors,” in Proceedings of the IEEE Symposium on Security and Privacy (SP '08), pp. 81–95, IEEE Computer Society, May 2008.
  114. J. R. Quinlan, C4.5 Programs for Machine Learning, Morgan Kaufmann, San Mateo, Calif, USA, 1997.
  115. G. H. John and P. Langley, “Estimating continuous distributions in Bayesian classifiers,” in Proceedings of the Conference on Uncertainty in Artificial Intelligence, pp. 338–345, 1995.
  116. D. W. Aha, D. Kibler, and M. K. Albert, “Instance-based learning algorithms,” Machine Learning, vol. 6, no. 1, pp. 37–66, 1991.
  117. R. C. Holte, “Very simple classification rules perform well on most commonly used datasets,” Machine Learning, vol. 11, no. 1, pp. 63–91, 1993.
  118. J. Demšar, “Statistical comparisons of classifiers over multiple data sets,” Journal of Machine Learning Research, vol. 7, pp. 1–30, 2006.
  119. W. Khreich, E. Granger, A. Miri, and R. Sabourin, “Adaptive ROC-based ensembles of HMMs applied to anomaly detection,” Pattern Recognition, vol. 45, no. 1, pp. 208–230, 2012.
  120. Z. Muda, W. Yassin, M. N. Sulaiman, and N. I. Udzir, “A K-Means and Naive Bayes learning approach for better intrusion detection,” Information Technology Journal, vol. 10, no. 3, pp. 648–655, 2011.
  121. M. V. Mahoney and P. K. Chan, “An analysis of the 1999 DARPA/Lincoln laboratory evaluation data for network anomaly detection,” Tech. Rep. CS-200302, Computer Science Department, Florida Institute of Technology, 2003.
  122. G. Kumar and K. Kumar, “A novel evaluation function for feature selection based upon information theory,” in Proceedings of the IEEE International Conference on Electrical and Computer Engineering (CCECE '11), pp. 000395–000399, Niagara Falls, Canada, May 2011.