
Improvement of Detection Ability According to Optimum Selection of Measures Based on Statistical Approach

  • Conference paper
Information Security and Cryptology (CISC 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3822)


Abstract

Selecting useful measures and generating rules for detecting attacks from network data are both difficult tasks. Expert experience is commonly required to generate the detection rules; if the rules can be generated automatically, the man-power, management expense, and complexity of intrusion detection systems are reduced. In this paper, we propose two methods for generating detection rules. The first is a statistical method based on relative entropy, used to select the measures that are useful for generating accurate rules. The second is a decision tree algorithm based on entropy theory that generates the detection rules automatically. We also propose a method for converting continuous measures into categorical measures, because continuous measures are hard to analyze. As a result, detection rules for attacks are generated automatically without expert experience, and the useful measures are selected by the proposed method.
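The abstract names three steps: discretising continuous measures, ranking measures by relative entropy between the normal and attack distributions, and growing entropy-based decision rules from the selected measures. The script below is an added illustration of that pipeline, written for this page; it is not the authors' code, and it runs over a small constructed set of connection records rather than KDD99. The feature names (src_bytes, duration, protocol), the equal-width binning with two bins, the Laplace smoothing, and the use of symmetric relative entropy as the ranking score are all assumptions of this example.

```python
"""Added illustration (not the paper's code): relative-entropy measure
selection, equal-width discretisation and an ID3-style rule generator,
run over a small constructed set of connection records."""
import math
from collections import Counter, defaultdict

# Constructed sample records (NOT real traffic): four ordinary connections
# and four flood-like ones that differ mainly in the byte count.
RECORDS = [
    {"src_bytes": 100, "duration": 1, "protocol": "tcp", "label": "normal"},
    {"src_bytes": 200, "duration": 2, "protocol": "tcp", "label": "normal"},
    {"src_bytes": 150, "duration": 5, "protocol": "udp", "label": "normal"},
    {"src_bytes": 120, "duration": 3, "protocol": "tcp", "label": "normal"},
    {"src_bytes": 5000, "duration": 1, "protocol": "tcp", "label": "attack"},
    {"src_bytes": 7000, "duration": 2, "protocol": "tcp", "label": "attack"},
    {"src_bytes": 6000, "duration": 4, "protocol": "udp", "label": "attack"},
    {"src_bytes": 8000, "duration": 3, "protocol": "tcp", "label": "attack"},
]
CONTINUOUS = ("src_bytes", "duration")  # assumed continuous measures


def discretize(records, features, bins=2):
    """Equal-width binning of continuous measures into categorical ones.
    Returns the binned records plus the bin edges per feature so that the
    generated rules can be printed with real thresholds."""
    edges = {}
    out = [dict(r) for r in records]
    for f in features:
        lo = min(r[f] for r in records)
        hi = max(r[f] for r in records)
        width = (hi - lo) / bins or 1.0  # guard a constant feature
        edges[f] = [lo + i * width for i in range(bins + 1)]
        for r in out:
            r[f] = min(int((r[f] - lo) / width), bins - 1)
    return out, edges


def _smoothed_dist(values, categories):
    """Laplace-smoothed category distribution: relative entropy is
    undefined when Q(x) = 0 while P(x) > 0, so no bin may be empty."""
    c = Counter(values)
    n = len(values) + len(categories)
    return {k: (c[k] + 1) / n for k in categories}


def relative_entropy(p, q):
    """Kullback-Leibler divergence D(P||Q) in nats."""
    return sum(p[k] * math.log(p[k] / q[k]) for k in p)


def rank_measures(records, features):
    """Score each measure by the symmetric relative entropy between its
    distribution on normal and on attack records (higher = more useful)."""
    normal = [r for r in records if r["label"] == "normal"]
    attack = [r for r in records if r["label"] == "attack"]
    scores = {}
    for f in features:
        cats = sorted({r[f] for r in records}, key=str)
        p = _smoothed_dist([r[f] for r in normal], cats)
        q = _smoothed_dist([r[f] for r in attack], cats)
        scores[f] = relative_entropy(p, q) + relative_entropy(q, p)
    return sorted(scores.items(), key=lambda kv: -kv[1])


def entropy(labels):
    """Shannon entropy of a label list, in bits."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def build_rules(records, features, path=()):
    """ID3-style tree: split on the feature with the highest information
    gain until a leaf is pure; return rules as (conditions, label)."""
    labels = [r["label"] for r in records]
    if len(set(labels)) == 1 or not features:
        return [(path, Counter(labels).most_common(1)[0][0])]
    base = entropy(labels)
    best, best_gain = None, -1.0
    for f in features:
        groups = defaultdict(list)
        for r in records:
            groups[r[f]].append(r["label"])
        gain = base - sum(len(g) / len(records) * entropy(g) for g in groups.values())
        if gain > best_gain:
            best, best_gain = f, gain
    rest = [f for f in features if f != best]
    rules = []
    for value in sorted({r[best] for r in records}, key=str):
        sub = [r for r in records if r[best] == value]
        rules += build_rules(sub, rest, path + ((best, value),))
    return rules


def generate_detection_rules(records=RECORDS, top_k=2):
    """End to end: discretise, keep the top_k measures with a positive
    score, then grow detection rules from those measures only."""
    cat, edges = discretize(records, CONTINUOUS)
    features = [f for f in cat[0] if f != "label"]
    ranked = rank_measures(cat, features)
    selected = [f for f, s in ranked[:top_k] if s > 0]
    return ranked, edges, build_rules(cat, selected)


if __name__ == "__main__":
    ranked, edges, rules = generate_detection_rules()
    print("measure ranking:", ranked)
    for conds, label in rules:
        print(" AND ".join(f"{f} in bin {v} of {edges.get(f, 'n/a')}" for f, v in conds), "=>", label)
```

On this constructed data src_bytes is the only measure whose normal and attack distributions differ, so it alone is selected and the tree reduces to two rules keyed on the byte-count bin; duration and protocol score zero and never appear in a rule. The smoothing matters in practice: without it a bin that is empty for one class makes the divergence infinite and the ranking meaningless.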

This work was supported (in part) by the Ministry of Information & Communications, Korea, under the Information Technology Research Center (ITRC) Support Program.




© 2005 Springer-Verlag Berlin Heidelberg


Cite this paper

Mun, GJ., Kim, YM., Kim, D., Noh, BN. (2005). Improvement of Detection Ability According to Optimum Selection of Measures Based on Statistical Approach. In: Feng, D., Lin, D., Yung, M. (eds) Information Security and Cryptology. CISC 2005. Lecture Notes in Computer Science, vol 3822. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599548_22


  • DOI: https://doi.org/10.1007/11599548_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30855-3

  • Online ISBN: 978-3-540-32424-9
