A Cybersecurity Framework for Classifying Non Stationary Data Streams Exploiting Genetic Programming and Ensemble Learning

Abstract

Intrusion detection systems have to cope with many challenging problems, such as unbalanced datasets, fast data streams and frequent changes in the nature of the attacks (concept drift). To this aim, here, a distributed genetic programming (GP) tool is used to generate the combiner function of an ensemble; this tool does not need a heavy additional training phase, once the classifiers composing the ensemble have been trained, and it can hence answer quickly to concept drifts, also in the case of fast-changing data streams. The above-described approach is integrated into a novel cybersecurity framework for classifying non stationary and unbalanced data streams. The framework provides mechanisms for detecting drifts and for replacing classifiers, which permits to build the ensemble in an incremental way. Tests conducted on real data have shown that the framework is effective in both detecting attacks and reacting quickly to concept drifts.