
Toward Lightweight Intrusion Detection System Through Simultaneous Intrinsic Model Identification

  • Conference paper
Frontiers of High Performance Computing and Networking – ISPA 2006 Workshops (ISPA 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4331)

Abstract

An Intrusion Detection System (IDS) should guarantee high detection rates with minimum overhead to determine the intrusion detection model and process audit data. Previous approaches have mainly focused on feature selection of audit data and parameter optimization of intrusion detection models. However, feature selection and parameter optimization have been performed separately. Several hybrid approaches based on soft computing techniques are able to perform both together, but they incur more computational overhead. In this paper, we propose a new approach named Simultaneous Intrinsic Model Identification (SIMI), which enables one to perform both feature selection and parameter optimization together without any additional computational overhead. SIMI adopts Random Forest (RF), a promising machine learning algorithm that has been shown to achieve similar or better classification rates compared to Support Vector Machines (SVM). SIMI is able to model a lightweight intrinsic intrusion detection model with optimized parameters and features. After determining the intrinsic intrusion detection model, we visualize normal and attack patterns in 2-dimensional space using Multidimensional Scaling (MDS). We carry out several experiments on the KDD 1999 intrusion detection dataset and validate the feasibility of our approach.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, D.S., Lee, S.M., Park, J.S. (2006). Toward Lightweight Intrusion Detection System Through Simultaneous Intrinsic Model Identification. In: Min, G., Di Martino, B., Yang, L.T., Guo, M., Rünger, G. (eds) Frontiers of High Performance Computing and Networking – ISPA 2006 Workshops. ISPA 2006. Lecture Notes in Computer Science, vol 4331. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11942634_100


  • DOI: https://doi.org/10.1007/11942634_100

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-49860-5

  • Online ISBN: 978-3-540-49862-9

  • eBook Packages: Computer Science (R0)
