http://dx.doi.org/10.5391/IJFIS.2008.8.4.316

The Design and Implementation of Anomaly Traffic Analysis System using Data Mining  

Lee, Se-Yul (Department of Computer Science, Chungwoon University)
Cho, Sang-Yeop (Department of Internet, Chungwoon University)
Kim, Yong-Soo (Department of Computer Engineering, Daejeon University)
Publication Information
International Journal of Fuzzy Logic and Intelligent Systems / v.8, no.4, 2008, pp. 316-321
Abstract
Advanced computer network technology enables computers to be connected in an open network environment. Despite the growing number of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and cannot detect new hacking patterns, which makes it vulnerable to previously unidentified attack patterns and variations in attack and increases false negatives. Intrusion detection and analysis technologies are thus required. This paper investigates the asymmetric costs of false errors to enhance the performance of detection systems. The proposed method utilizes the network model to consider the cost ratio of false errors. By comparing false positive errors with false negative errors, this scheme achieved better performance from the viewpoint of both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that the effectiveness of anomaly traffic detection is enhanced by considering the costs of false errors.
Keywords
Detection Systems; False Errors; Anomaly Traffic; Patterns Analysis; Data Mining;