Abstract
Intrusion detection systems (IDS) support the recognition of attacks, based on the analysis of either network traffic data (Network-based IDS) or application/system logs stored in a host (Host-based IDS). Exploiting heterogeneous data coming from both kinds of sources could be useful to detect coordinated attacks and to reduce the number of false alarms, but poses challenges in terms of both information integration and scalability. In order to foster the development of such a hybrid IDS, we here propose a p2p intrusion detection architecture, which combines different data manipulation/mining techniques and a collaborative ensemble-based learning approach, and allows to incrementally classify attacks by integrating information extracted from both network traffic data and host logs. Preliminary experiments, conducted on real-life dataset, show that the approach is promising.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
