Network anomaly detection based on an ensemble of adaptive binary classifiers

Abstract

The paper proposes a technique for constructing the ensemble of adaptive binary classifiers on the example of solving the problem of detection of anomalous connections in the network traffic. The detectors are used in the role of the atomic units of object classification, the principle of functioning of each ones is recognition of only one class of objects among all the others. Formation of the decisive classification rule is based on the standard procedures and includes majority voting, stacking and combining using the arbiter based on the dynamic competence regions. The novel features of the proposed technique, which contains the presented approaches, are possibility to establish an arbitrary nesting of the classifiers and lazy involvement of classifiers due to the descending cascade learning of the binary classifier ensemble. The results of experiments using the open data set for calculating the performance indicators of detection and classification of network anomalies are provided.