The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

An Implementation of Mining Prototype System for Network Attack Analysis

네트워크 공격 분석을 위한 마이닝 프로토타입 시스템 구현

  • 김은희 (충북대학교 대학원 전자계산학과) ;
  • 신문선 (충북대학교 대학원 전자계산학) ;
  • 류근호 (충북대학교 전기전자 및 컴퓨터공학과)
  • Published : 2004.08.01
Download PDF
⟨ Previous Next ⟩

Abstract

Network attacks are various types with development of internet and are a new types. The existing intrusion detection systems need a lot of efforts and costs in order to detect and respond to unknown or modified attacks because of detection based on signatures of known attacks. In this paper, we present a design and implementation for mining prototype system to predict unknown or modified attacks through network protocol attributes analysis. In order to analyze attributes of network protocols, we use the association rule and the frequent episode. The collected network protocols are storing schema of TCP, UDP, ICMP and integrated type. We are generating rules that can predict the types of network attacks. Our mining prototype in the intrusion detection system aspect is useful for response against new attacks as extra tool.

네트워크 공격은 인터넷의 발달과 함께 유형도 다양하고 새로워지고 있다. 기존의 침입탐지 시스템들은 알려진 공격의 시그네처를 기반으로 탐지하기 때문에 알려지지 않거나 변형된 공격을 탐지하고, 대응하기 위해서는 많은 노력과 비용이 필요하다. 본 논문에서는 네트워크 프로토콜 속성 분석을 통해 알려지지 않거나 변형된 네트워크 공격을 예측할 수 있는 마이닝 프로토타입 시스템을 설계 하고 구현 하였다. 네트워크 프로토콜 속성을 분석하기 위해서 연관규칙과 빈발에피소드 기법을 사용하였으며, 수집된 네트워크 프로토콜은 TCP, UDP, ICMP와 통합된 형태의 스키마로 저장한다. 본 실험을 통해서 각 프로토콜별로 발생 가능한 네트워크 공격 유형을 예측할 수 있는 규칙들을 생성한다. 마이닝 프로토타입은 침입탐지 시스템에서 새로운 공격에 대응하기 위한 보조적인 .도구로서 유용하게 사용될 수 있다.

Keywords

References

  1. Wenke Lee, Salvatore J. Stolfo, 'Data Mining Approaches for Intrusion Detection,' In Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, January, 1998
  2. Wenke Lee, Salvatore J. Stolfo and K. W. Mok, 'Mining audit data to build introduction dection models,' In Proceedings of the 4th International conference on Knowledge Discovery and Data Mining, New York, NY, AAAI Press, August, 1998
  3. W. Lee, 'A Data mining framework for constructing features and models for intrusion detection systems,' Ph.D thesis Columbia university, 1999
  4. Wenke Lee, Wei Fan, 'Mining System Audit Data : Opportunities and Challenges,' In Proceedings of the ACM SIGMOD special issue 4, New York, NY, December, 2001
  5. K. Julisch, 'Dealing with False Positives in Intrusion Detection,' In 3nd Workshop on Recent Advances in Intrusion Detection, http://www.raid-symposium.org, 2000
  6. Cuppens, F., Miege, A., 'Alert correlation in a cooperative intrusion detection framework,' In Proceedings of the IEEE Symposium on Security and Privacy, 2002 https://doi.org/10.1109/SECPRI.2002.1004372
  7. Chris Sinclair, Lyn Pierce, Sara Matzner, 'An Application of Machine Learning to Network Intrusion Detection,' In Proceeding of the 15th Annual computer security applications conference, Phoenix, Arizona, 1999 https://doi.org/10.1109/CSAC.1999.816048
  8. W. W. Cohen, 'Fast effective rule induction. In Machine Learning,' the 12th International Conference, Lake Taho, CA, Morgan Kaufmann, 1995
  9. W. Lee, 'A Data mining framework for constructing features and models for intrusion detection systems,' Ph.D thesis Columbia university, June, 1999
  10. Salvatore J. Stolfo, Wei Fan, Wenke Lee, 'Cost-based Modeling for Fraud and Intrusion Detection : Results from the JAM Project,' In Proceedings of the DARPA Information Survivability Conference and Exposition, 2000 https://doi.org/10.1109/DISCEX.2000.821515
  11. V. Paxson, 'Bro : A System for detecting network intruders in real-time,' In Proceedings of the 7th USENIX Security Symposium, 1998
  12. P. A. Porras, P. G. Neumann, 'EMERALD : Event monitoring enabling responses to anomalous live disturbances,' In National Information Systems Security Conference, 1997
  13. C. Warrender, S. Forrest, B. Pearlmutter, 'Detecting intrusions using system calls : Alternative data models,' In Proceedings of the 1999 IEEE Symposium on Security and Privacy, 1999 https://doi.org/10.1109/SECPRI.1999.766910
  14. S. Forest, S. Hofmeyr, A. Somayaji, T. A. Longstaff, 'A sense of self for Unix processes,' In Proceedings of the IEEE Symposium on Security and Privacy, 1996 https://doi.org/10.1109/SECPRI.1996.502675
  15. A. K. Ghosh, A. Schwartzbard, 'A study in using neural networks for anomaly and misuse detection,' In Proceedings of the 8th USENIX Security Symposium, 1999
  16. Jiawei Han, Micheline Kamber, 'Data Mining Concepts and Techniques,' Morgan Kaufmann Publishers, 2001
  17. R. Agrawal, T. Imielinski and A. Swami, 'Mining association rules between sets of items in large databases,' In Proceedings of the ACM SIGMOD Conference on Management of Data, 1993 https://doi.org/10.1145/170035.170072
  18. V. Jacobson, C. Leres, and S. McCanne, tcpdump. available via anonymous ftp to ftp.ee.lbl.gov, June, 1989