Counselors network for intrusion detection
International Journal of Network Management (IF 1.5), Pub Date: 2020-06-25, DOI: 10.1002/nem.2111
Silvio E. Quincozes 1 , Carlos Raniery 2 , Raul Ceretta Nunes 2 , Célio Albuquerque 1 , Diego Passos 1 , Daniel Mossé 3

Intrusion detection systems (IDSs) are a fundamental component of defense solutions. In particular, IDSs aim to detect malicious activities on computer systems and networks by relying on data classification models built from a training dataset. However, classifiers' performance can vary for each attack pattern. A common technique to overcome this issue is to use ensemble methods, where multiple classifiers are employed and a final decision is taken combining their outputs. Despite the potential advantages of such an approach, its usefulness is limited in scenarios where (i) multiple expert classifiers present divergent results, (ii) all classifiers present poor results due to lack of representative features, or (iii) detectors have insufficient labeled signatures to train their classifiers for a specific attack pattern. In this work, we introduce the concept of a counselors network to deal with conflicts from different classifiers by exploiting the collaboration among IDSs that analyze multiple and heterogeneous data sources. Empirical results demonstrate the feasibility of the proposed architecture in improving the accuracy of the intrusion detection process.

Updated: 2020-06-25