Using Data Field to Analyze Network Intrusions

  • Conference paper
Information Security Practice and Experience (ISPEC 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3903)

Abstract

In this paper, we propose a new approach to detecting network attacks. Network connections are first transformed into data points in a predetermined feature space. Borrowing the field concept from physics, we treat each point like an electric charge that exerts a force on the points around it and thereby forms a field, which we call a data field. Each incoming data object obtains an amount of potential energy from the field, from which we can recognize the class of the object. We evaluated our approach on the KDD Cup 1999 data set. Experimental results show that most attacks can be correctly discriminated in our data field and that the false positive rate is acceptable. Compared with other approaches, our method performs better in detecting PROBE and U2R attacks.

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xie, F., Bai, S. (2006). Using Data Field to Analyze Network Intrusions. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_8

  • DOI: https://doi.org/10.1007/11689522_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33052-3

  • Online ISBN: 978-3-540-33058-5

  • eBook Packages: Computer Science, Computer Science (R0)
