Intrusion Detection Using Noisy Training Data

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3043)

Abstract

One of the greatest difficulties in anomaly detection is obtaining training data that contains no intrusions. In anomaly detection, training data should be obtained from the target system. If this data contains an intrusion, the trained intrusion detection system will treat it as normal and will not detect subsequent occurrences. In this paper, we present a system-call-based anomaly detection method that can detect intrusions effectively even though the training set contains intrusions. This scheme exploits the property that if there is an intrusion hidden in the training data, it is likely to consist of a sequence of elements having low frequencies of occurrence. Simulation results show that, with training data containing intrusions, the proposed method has lower false positive rates and higher detection rates than the previous schemes. Moreover, for clean training data, our method and the previous schemes show similar performance. The proposed method can be viewed as an approach to increase the practicality of anomaly detection and to enhance the reliability of security policy.
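The property stated in the abstract, shown as an added example (not the paper's algorithm or code): a stide-style sliding-window detector is trained on data that contains one intrusion, once keeping every window and once dropping windows below a frequency cutoff. The window length, the `min_freq` threshold and the system call traces are constructed assumptions.

```python
from collections import Counter

def windows(trace, k):
    """All length-k sliding windows over one system call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def train(traces, k, min_freq=0.0):
    """Build the 'normal' window set; windows rarer than min_freq are dropped."""
    counts = Counter(w for t in traces for w in windows(t, k))
    total = sum(counts.values())
    return {w for w, c in counts.items() if c / total >= min_freq}

def anomaly_rate(trace, normal, k):
    """Fraction of the trace's windows that are absent from the normal set."""
    ws = windows(trace, k)
    return sum(w not in normal for w in ws) / len(ws)

# Constructed sample traces (not taken from the paper or any public data set).
NORMAL = ["open", "read", "mmap", "read", "write", "close"]
ATTACK = ["open", "read", "setuid", "execve", "write", "close"]
# 50 training traces, one of which hides the intrusion.
TRAINING = [NORMAL * 3] * 49 + [NORMAL + ATTACK + NORMAL]

def compare(k=3, min_freq=0.005):
    naive = train(TRAINING, k)               # every window seen counts as normal
    filtered = train(TRAINING, k, min_freq)  # rare windows are not trusted
    replay = NORMAL + ATTACK + NORMAL        # the same intrusion, seen again later
    clean = NORMAL * 3
    return {
        "naive_attack": anomaly_rate(replay, naive, k),        # intrusion learned as normal
        "filtered_attack": anomaly_rate(replay, filtered, k),  # rare windows flagged
        "filtered_clean": anomaly_rate(clean, filtered, k),    # no added false positives
    }

if __name__ == "__main__":
    for name, rate in compare().items():
        print(f"{name}: {rate:.2f}")
```

The cutoff trades missed intrusions for false positives: set too high, it also discards legitimate but infrequent behaviour from the normal set.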

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, Y., Lee, J., Cho, Y. (2004). Intrusion Detection Using Noisy Training Data. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_66

  • DOI: https://doi.org/10.1007/978-3-540-24707-4_66

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive
