A Comparative Study on the Performance of Intrusion Detection using Decision Tree and Artificial Neural Network Models

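Original Korean title (translated): A Comparative Study of Intrusion Detection Efficiency Using Decision Tree and Artificial Neural Network Techniques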

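  • 조성래 (Department of Management Information Systems, Graduate School, Gyeongsang National University) ;
  • 성행남 (College of Business Administration, Gyeongsang National University) ;
  • 안병혁 (Department of Management Information Systems, College of Business Administration, and Business and Economics Research Institute, Gyeongsang National University)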
  • Received : 2015.11.16
  • Accepted : 2015.11.25
  • Published : 2015.12.30

Abstract

The Internet is now an essential tool in business. Despite this importance, there is a risk of network attacks attempting fraud, collection of private information, and cyber terrorism. Firewalls and intrusion detection systems (IDS) are tools against those attacks. An IDS is used to determine whether network data constitutes a network attack. It analyzes the network data using various techniques, including expert systems, data mining, and state transition analysis. This paper aims to compare the performance of two data mining models in detecting network attacks: a decision tree (C4.5) and a neural network (FANN model). I trained and tested these models with data and measured their effectiveness in terms of detection accuracy, detection rate, and false alarm rate. The aim is to find out which model is effective in intrusion detection. In the analysis, I used the KDD Cup 99 data, which is a benchmark data set in intrusion detection research. I used the open source Weka software for the C4.5 model and available C++ code for the FANN model.
