
A Criterion on Profiling for Anomaly Detection  

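조혁현 (Division of Information Technology, Yosu National University)
정희택 (Division of Information Technology, Yosu National University)
김민수 (Division of Computer and Information, Chonnam National University)
노봉남 (Division of Computer and Information, Chonnam National University)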
Abstract
As the Internet has become widespread, intrusion detection systems are needed to protect computer systems from intrusions comprehensively. We propose a criterion on profiling for intrusion detection systems that use anomaly detection. We present the causes of false positives in profiling and propose an anomaly method to control them. Finally, we propose a similarity function that uses a pattern database to decide whether a user pattern is an anomalous action.
Keywords
Intrusion detection system; False positive; Profiling; Association rule mining