Abstract
Selecting useful measures and generating rules for detecting attacks from network data are both difficult. Expert experience is commonly required to generate the detection rules; if the rules are generated automatically, the manpower, management expense, and complexity of intrusion detection systems are reduced. In this paper, we propose two methods for generating the detection rules. One is a statistical method based on relative entropy, used to select the useful measures from which accurate rules are generated. The other is a decision tree algorithm based on entropy theory that generates the detection rules automatically. We also propose a method for converting continuous measures into categorical measures, because continuous measures are hard to analyze. As a result, the detection rules for attacks are generated automatically without expert experience, and the useful measures are selected by the proposed method.
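Added example (not code from the paper): a minimal version of the measure-selection step the abstract describes. It assumes equal-width binning as the continuous-to-categorical conversion and relative entropy (KL divergence, in bits) between the attack and normal distributions as the usefulness score; the measure names and sample values are constructed.

```python
import math
from collections import Counter

# Constructed sample data (not from the paper or KDD99): two candidate
# measures observed on normal and on attack connections.
NORMAL = {"src_bytes": [100, 120, 150, 130, 110, 140],
          "duration": [1, 2, 3, 2, 1, 3]}
ATTACK = {"src_bytes": [1000, 1100, 1200, 1050, 1150, 1250],
          "duration": [2, 1, 3, 3, 2, 1]}


def discretize(values, n_bins, lo, hi):
    """Convert a continuous measure into categories 0..n_bins-1 using
    equal-width bins over [lo, hi] (assumed scheme; the abstract does not
    specify the paper's discretisation)."""
    width = (hi - lo) / n_bins or 1.0
    return [min(int((v - lo) / width), n_bins - 1) for v in values]


def distribution(categories, n_bins):
    """Empirical probability of each category, with add-one smoothing so
    every category has non-zero mass and the relative entropy stays finite."""
    counts = Counter(categories)
    total = len(categories) + n_bins
    return [(counts[c] + 1) / total for c in range(n_bins)]


def relative_entropy(p, q):
    """Relative entropy D_KL(p || q) in bits between two distributions
    defined over the same categories."""
    return sum(pi * math.log2(pi / qi) for pi, qi in zip(p, q))


def rank_measures(normal, attack, n_bins=4):
    """Score every measure by D_KL(attack || normal) after discretising it
    on a common range; a higher score means the measure separates attack
    traffic from normal traffic better and is more useful for rules."""
    scores = {}
    for name in normal:
        combined = normal[name] + attack[name]
        lo, hi = min(combined), max(combined)
        p = distribution(discretize(attack[name], n_bins, lo, hi), n_bins)
        q = distribution(discretize(normal[name], n_bins, lo, hi), n_bins)
        scores[name] = relative_entropy(p, q)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for name, score in rank_measures(NORMAL, ATTACK):
        print(f"{name:10s} D_KL = {score:.3f} bits")
```

On the constructed data, `src_bytes` scores about 1.68 bits while `duration` scores 0, so only the former would be kept as a measure for rule generation.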
This work was supported (in part) by the Ministry of Information & Communications, Korea, under the Information Technology Research Center (ITRC) Support Program.
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Mun, GJ., Kim, YM., Kim, D., Noh, BN. (2005). Improvement of Detection Ability According to Optimum Selection of Measures Based on Statistical Approach. In: Feng, D., Lin, D., Yung, M. (eds) Information Security and Cryptology. CISC 2005. Lecture Notes in Computer Science, vol 3822. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599548_22
DOI: https://doi.org/10.1007/11599548_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30855-3
Online ISBN: 978-3-540-32424-9