ABSTRACT
This paper first analyzes and compares misuse detection and anomaly detection. Misuse detection cannot detect new or unknown intrusions, while anomaly detection falls short on detection rate and false-alarm rate. To overcome these respective shortcomings, we propose a framework for cooperative intrusion detection based on clustering analysis and an expert system. The clustering method meets the demand for real-time detection and detects new or unknown intrusions, and the framework integrates the strengths of both misuse detection and anomaly detection to improve detection performance. Moreover, it converts unknown intrusions into known intrusions, thereby improving detection accuracy and efficiency.
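The cooperation the abstract describes, as an added illustration written for this page (not code from the paper): a rule and signature matcher plays the expert-system role and is consulted first, a k-means anomaly detector built from unlabelled training traffic catches records no rule explains, and once a dense group of unexplained anomalies accumulates, its centroid is promoted to a named signature so that the next matching record is reported through the misuse path. The five-feature connection records, the `failed_logins >= 5` rule, the promotion threshold of three anomalies and all traffic values are constructed assumptions for the example.

```python
"""Cooperative IDS sketch (constructed illustration): rule matching first, k-means
anomaly detection second, recurring anomalies promoted to new signatures."""
import math

FEATURES = ("duration_s", "src_bytes", "dst_bytes", "conns_per_host", "failed_logins")

def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def _centroid(points):
    return tuple(sum(v) / len(points) for v in zip(*points))

class AnomalyDetector:
    """Clustering side: k-means over unlabelled training traffic; a record is
    anomalous if it lies outside the (widened) radius of its nearest cluster."""

    def __init__(self, training, k=2, tolerance=1.5):
        cols = list(zip(*(tuple(r[f] for f in FEATURES) for r in training)))
        self.mean = [sum(c) / len(c) for c in cols]
        # A constant feature gets std 1.0 so it cannot blow up the z-score.
        self.std = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
                    for c, m in zip(cols, self.mean)]
        zs = [self.standardise(r) for r in training]
        centres = [zs[0]]                       # farthest-first seeding, deterministic
        while len(centres) < k:
            centres.append(max(zs, key=lambda z: min(_dist(z, c) for c in centres)))
        for _ in range(25):                     # Lloyd iterations
            groups = [[] for _ in centres]
            for z in zs:
                groups[min(range(k), key=lambda i: _dist(z, centres[i]))].append(z)
            centres = [_centroid(g) if g else centres[i] for i, g in enumerate(groups)]
        self.centres = centres
        self.radii = [max(_dist(z, c) for z in g) * tolerance if g else 0.0
                      for c, g in zip(centres, groups)]

    def standardise(self, record):
        return tuple((record[f] - m) / s for f, m, s in zip(FEATURES, self.mean, self.std))

    def is_anomalous(self, z):
        i = min(range(len(self.centres)), key=lambda j: _dist(z, self.centres[j]))
        return _dist(z, self.centres[i]) > self.radii[i]

class CooperativeIDS:
    """Misuse detection (rules + learned signatures) first, anomaly detection second;
    a dense group of unexplained anomalies is promoted to a named signature."""

    def __init__(self, training, promote_after=3, group_radius=2.0):
        self.anomaly = AnomalyDetector(training)
        # Hypothetical hand-written expert-system rule: repeated failed logins.
        self.rules = [("brute-force", lambda r: r["failed_logins"] >= 5)]
        self.signatures = []                    # (name, centre, radius) in z-space
        self.pending = []                       # anomalies no signature explains yet
        self.promote_after, self.group_radius = promote_after, group_radius

    def match_known(self, record, z):
        for name, predicate in self.rules:
            if predicate(record):
                return name
        for name, centre, radius in self.signatures:
            if _dist(z, centre) <= radius:
                return name
        return None

    def detect(self, record):
        z = self.anomaly.standardise(record)
        name = self.match_known(record, z)
        if name:
            return ("known", name)
        if not self.anomaly.is_anomalous(z):
            return ("normal", None)
        self.pending.append(z)
        self._promote()
        return ("unknown", None)

    def _promote(self):
        # promote_after anomalies within group_radius of one another become a
        # signature, so the next matching record is reported as a known intrusion.
        for z in self.pending:
            group = [p for p in self.pending if _dist(p, z) <= self.group_radius]
            if len(group) >= self.promote_after:
                centre = _centroid(group)
                radius = max(max(_dist(p, centre) for p in group) * 1.5, self.group_radius)
                self.signatures.append((f"learned-{len(self.signatures) + 1}", centre, radius))
                self.pending = [p for p in self.pending if p not in group]
                return

def _rec(*values):
    return dict(zip(FEATURES, values))

# Constructed training traffic: short web-like sessions and long bulk transfers.
TRAINING = ([_rec(0.5 + 0.1 * i, 300 + 10 * i, 2000 + 100 * i, 1 + i % 3, 0) for i in range(20)]
            + [_rec(60 + i, 500 + 5 * i, 500_000 + 10_000 * i, 1, 0) for i in range(20)])

# Constructed test stream: a normal session, a brute-force login, four host scans.
STREAM = [_rec(1.2, 380, 2800, 2, 0), _rec(3.0, 400, 3000, 1, 6),
          _rec(0.01, 40, 0, 200, 0), _rec(0.02, 48, 0, 201, 0),
          _rec(0.01, 44, 0, 200, 0), _rec(0.02, 40, 0, 201, 0)]

def run_demo():
    ids = CooperativeIDS(TRAINING)
    verdicts = [ids.detect(r) for r in STREAM]
    return verdicts, [name for name, _, _ in ids.signatures]
```

Running `run_demo()` reports the first record as normal, the second as the known `brute-force` rule hit, the three first scans as unknown, and the fourth scan as the known `learned-1` signature created from the first three. Two caveats a practitioner would keep in mind: the clustering side takes the training traffic as a picture of normal behaviour, so attacks present in that traffic become part of "normal"; and automatic promotion turns whatever the anomalous cluster contained into a permanent signature, so a benign burst (a new backup job, say) would be reported as a known intrusion from then on unless promotion is gated behind analyst review.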