Adaptive Ensemble Learning for Intrusion Detection Systems

Abstract

For years, the European Commission has highlighted the need to invest in cybersecurity as a means of protecting institutions and citizens from the many threats in cyberspace. Attacks perpetrated through the network are extremely dangerous, also because their mitigation is complex, making it difficult to ensure an adequate level of security. One of the crucial elements in building an overall system of protection against network-based cyber attacks are Intrusion Detection Systems (IDSs), whose goal is to detect and identify such attacks and misuse of computer networks in a timely manner. Nowadays, the most effective IDSs are based on Machine Learning (ML) and are able to combine and analyze information from heterogeneous sources, such as network traffic, user activity patterns, and data extracted from system logs. However, these tools commonly exploit specific classifiers, whose performance is highly dependent on the attacks being considered, and are unable to generalize adequately enough to be applied in different contexts. The research laboratories of Networking and Distributed Systems and Artificial Intelligence at the University of Palermo are carrying out research activities in order to address these issues, with the main goal of designing a new generation of IDSs that, by dynamically and adaptively combining multiple classifiers, are able to overcome the limitations of state-of-the-art solutions.