Implementation of abnormal behavior detection Algorithm and Optimizing the performance of Algorithm

Implementation of an Abnormal Behavior Detection Algorithm and Methods for Optimizing Its Performance

  • Shin, Dae-Cheol (Division of Electronics and Computer, Hanseo University) ;
  • Kim, Hong-Yoon (Division of Electronics and Computer, Hanseo University)
  • Shin Dae-Cheol (Division of Electronic, Computer and Communication Engineering, Hanseo University) ;
  • Kim Hong-Yoon (Division of Electronic, Computer and Communication Engineering, Hanseo University)
  • Received : 2010.10.07
  • Accepted : 2010.11.19
  • Published : 2010.11.30

Abstract

As networks have developed, information security has become increasingly important, and many intrusion detection systems have been developed. An intrusion detection system can detect abnormal behavior and unknown intrusions, and it can also detect intrusions by using patterns learned from various penetration methods. Various algorithms are currently being studied, such as statistical methods for detecting abnormal behavior, methods for extracting abnormal behavior, and methods for generating predictable patterns. This study uses the clustering and association-rule techniques of data mining to analyze the detection areas of two models, and thereby helps in designing a detection system that detects abnormal behavior, unknown attacks, and misuse attacks in a large network.

With the development of networks, the importance of security has come to the fore and many intrusion detection systems are being developed. These include misuse detection, which detects intrusions by identifying the various intrusion techniques in advance and turning them into patterns, and anomaly detection, which aims to detect not only known intrusions but also unknown intrusions and abnormal behavior. At present, statistical methods for anomaly detection and various algorithms for extracting abnormal behavior and generating predictable patterns are being studied. This study uses the clustering and association rules of data mining to analyze the detection areas according to two models, in order to help in designing an intrusion detection system for a large network.
