The Design and Implementation of Anomaly Traffic Analysis System using Data Mining

  • Lee, Se-Yul (Department of Computer Science, Chungwoon University) ;
  • Cho, Sang-Yeop (Department of Internet, Chungwoon University) ;
  • Kim, Yong-Soo (Department of Computer Engineering, Daejeon University)
  • Published : 2008.12.01

Abstract

Advanced computer network technology enables computers to be connected in an open network environment. Despite the growing number of security threats to networks, most intrusion detection identifies attacks mainly by detecting misuse with a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and cannot detect new hacking patterns, which leaves it vulnerable to previously unidentified attacks and to variations of known attacks, and increases false negatives. Intrusion detection and analysis technologies are therefore required. This paper investigates the asymmetric costs of false errors in order to enhance the performance of detection systems. The proposed method uses the network model to take the cost ratio of false errors into account. By weighing false positive errors against false negative errors, the scheme achieves better performance from the viewpoint of both security and system-performance objectives. The results of our empirical experiment show that the network model provides high detection accuracy. In addition, the simulation results show that the effectiveness of anomaly traffic detection is enhanced by considering the costs of false errors.
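The abstract's central point is that a false positive (benign traffic flagged) and a false negative (an attack missed) do not cost the same, so a detector tuned for raw accuracy is not tuned for cost. The following is an added illustration, not the paper's network model or code: it takes constructed anomaly scores with ground-truth labels, sweeps every candidate threshold, and picks the one that minimises total cost under a given cost ratio. The scores, labels, and the cost values are assumptions chosen for the example.

```python
"""Cost-sensitive threshold selection for an anomaly-score detector.

Added example (not from the paper). It shows the idea in the abstract:
false positives and false negatives carry different costs, so the alert
threshold should minimise expected cost, not the plain error count.
All scores, labels and costs below are constructed for illustration.
"""
from dataclasses import dataclass

# Constructed detector output: (anomaly score, label). Higher score means
# "more anomalous"; label 1 = attack traffic, label 0 = benign traffic.
SAMPLES = [
    (0.05, 0), (0.10, 0), (0.20, 0), (0.30, 0), (0.35, 0),
    (0.40, 0), (0.45, 0), (0.55, 0), (0.60, 0), (0.65, 0),
    (0.50, 1), (0.70, 1), (0.75, 1), (0.85, 1), (0.95, 1),
]


@dataclass(frozen=True)
class Confusion:
    tp: int
    fp: int
    tn: int
    fn: int

    def cost(self, c_fp: float, c_fn: float) -> float:
        """Total cost when each false positive costs c_fp and each false negative c_fn."""
        return self.fp * c_fp + self.fn * c_fn

    def error_rate(self) -> float:
        """Plain (cost-blind) error rate: the quantity accuracy-tuning minimises."""
        return (self.fp + self.fn) / (self.tp + self.fp + self.tn + self.fn)


def confusion_at(threshold: float, samples=SAMPLES) -> Confusion:
    """Flag every sample whose score is >= threshold and tally the outcome."""
    tp = fp = tn = fn = 0
    for score, label in samples:
        flagged = score >= threshold
        if flagged and label == 1:
            tp += 1
        elif flagged and label == 0:
            fp += 1
        elif not flagged and label == 0:
            tn += 1
        else:
            fn += 1
    return Confusion(tp, fp, tn, fn)


def candidate_thresholds(samples=SAMPLES):
    """Every distinct score is a candidate cut; +inf means 'flag nothing'."""
    return sorted({s for s, _ in samples}) + [float("inf")]


def best_threshold(c_fp: float, c_fn: float, samples=SAMPLES):
    """Return (threshold, cost) minimising total cost for the given cost pair.

    Ties are broken toward the lower threshold, i.e. toward alerting more.
    """
    best = None
    for t in candidate_thresholds(samples):
        c = confusion_at(t, samples).cost(c_fp, c_fn)
        if best is None or c < best[1]:
            best = (t, c)
    return best


if __name__ == "__main__":
    # Equal costs: the accuracy-optimal cut.
    t_eq, cost_eq = best_threshold(1, 1)
    print(f"equal costs      -> threshold {t_eq}, cost {cost_eq}, "
          f"error rate {confusion_at(t_eq).error_rate():.3f}")
    # A missed attack assumed to cost ten times a false alarm: the optimal
    # cut drops and accepts extra false positives to catch the low-scoring attack.
    t_asym, cost_asym = best_threshold(c_fp=1, c_fn=10)
    print(f"FN costs 10x FP  -> threshold {t_asym}, cost {cost_asym}")
    print(f"accuracy-optimal threshold {t_eq} under the same costs would cost "
          f"{confusion_at(t_eq).cost(1, 10)}")
```

With the constructed data, equal costs select a threshold of 0.70 (one missed attack, no false alarms). Making a miss ten times as expensive as a false alarm moves the optimum down to 0.50, which catches every attack at the price of three false positives; keeping the accuracy-optimal threshold under those costs would cost more than three times as much. This is the comparison the abstract describes: the threshold that looks best on error count is not the one that looks best once the cost ratio of the two error types is taken into account.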

Keywords

References

  1. Lee, W., Stolfo, S. J., 'A data mining framework for building intrusion detection models,' IEEE Symposium on Security and Privacy, pp. 209-220, 1999
  2. Safavi-Naini, R., Balachadran, B., 'Case-based reasoning for intrusion detection,' 12th Annual Computer Security Application Conference, pp. 214-223, 1996
  3. Denning, D. E., 'An intrusion detection model,' IEEE Trans. S. E., SE-13(2), pp. 222-232, 1987 https://doi.org/10.1109/TSE.1987.232894
  4. Richards, K., 'Network based intrusion detection: a review of technologies,' Computer and Security, pp. 671-682, 1999
  5. Debar, H., Dacier, M., 'Towards a taxonomy of intrusion detection systems,' Computer Networks, pp. 805-822, 1989
  6. Debar, H., Becker, M., 'A neural network component for an intrusion detection system,' IEEE Computer Society Symposium Research in Security and Privacy, pp. 240-250, 1992
  7. Weber, R., 'Information Systems Control and Audit,' IEEE Symposium on Security and Privacy, pp. 120-128, 1999
  8. Lippmann, R. P., 'Improving intrusion detection performance using keyword selection and neural networks,' Computer Networks, Vol. 24, pp. 597-603, 2000
  9. Jasper, R. J., Huang, M. Y., 'A large scale distributed intrusion detection framework based on attack strategy analysis,' Computer Networks, Vol. 31, pp. 2465-2475, 1999 https://doi.org/10.1016/S1389-1286(99)00114-0
  10. Ilgun, K., Kemmerer, R. A., 'Ustat: a real time intrusion system for UNIX,' Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 16-28, 1993
  11. Hubbards, B., Haley, T., McAuliffe, L., Schaefer, L., Kelem, N., Walcott, D., Feiertag, R., Schaefer, M., 'Computer system intrusion detection,' IEEE Computer Society Symposium Research in Security and Privacy, pp. 120-128, 1990
  12. Vaccaro, H. S., 'Detection of anomalous computer session activity,' Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 280-289, 1989
  13. Helman, P., 'Statistical foundations of audit trail analysis for the detection of computer misuse,' IEEE Transactions on software engineering, Vol. 19, pp. 861-901, 1993
  14. Se-Yul Lee and Yong-Soo Kim, 'Design and analysis of probe detection systems for TCP networks,' International Journal of Advanced Computational Intelligence & Intelligent Informatics, Vol. 8, pp. 369-372, 2004 https://doi.org/10.20965/jaciii.2004.p0369
  15. Se-Yul Lee, An Adaptive probe detection model using fuzzy cognitive maps, Ph. D. Dissertation, Daejeon University, 2003
  16. Maxion, R. A., 'Masquerade detection truncated command lines,' International Conference on Dependable Systems and Networks, pp. 219-228, 2002
  17. Se-Yul Lee, Byoung-Chan Chun, Yong-Soo Kim, 'The network model for Detection Systems based on data mining and the false errors,' International Journal of Fuzzy Logic and Intelligent Systems, Vol. 6, No. 2, pp. 64-68, 2006 https://doi.org/10.5391/IJFIS.2006.6.2.173