Abstract:
The paper considers a generalized hybrid approach to constructing a set of classification rules, using the detection of anomalous network connections as an example. The proposed technique has five stages. The first stage is the setting up of adaptive classifiers. The second stage performs signature analysis, creation of network connections and formation of network parameters. The third stage is the preprocessing of the network parameters. At the fourth stage the classifier tree is traversed breadth-first, together with training or testing. The fifth stage is the detection of anomalous network connections. The distinctive features of the proposed technique are the possibility of arbitrary nesting of classifiers within each other and the lazy involvement of classifiers due to descending cascade learning of the general classifier fusion. The results of experiments that use an open data set to calculate the performance rates of detection and classification of network anomalies are provided.