
A Learning Method for Minimizing False Positives in IDS

정종근 (Department of Computer Engineering, Honam University)
김철원 (Department of Computer Engineering, Honam University)
Abstract
Anomaly-based IDS (abnormal behaviour detection) are harder to implement than misuse-based IDS (signature detection) because usage patterns vary widely; as a result, most commercial IDS are misuse-based. A misuse-based IDS, however, cannot detect an intrusion whose pattern has been modified from the known signature. In this paper we apply data mining so that intrusions are detected using only the audit data related to the intrusion, selected from the large volume of audit data collected. An agent in the distributed IDS collects log data as well as monitoring the target system. False positives must be minimized to keep detection accuracy high, which is the core requirement of an intrusion detection system, so we apply a data mining algorithm at the audit-data learning level to predict modified intrusion patterns.
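As an added illustration of the gap the abstract describes (this is not the paper's own code, and the learning model used here is not the authors' data mining algorithm): a misuse detector that matches an exact command-sequence signature, beside a profile learned from constructed normal audit sessions that scores each session by the fraction of command transitions never seen in training. The transition-profile model, the command vocabulary, the sessions and the thresholds are all assumptions made for the example. It shows that the signature misses the modified pattern while the learned profile catches it, and that the profile's threshold is what sets its false-positive rate on held-out normal sessions.

```python
"""Signature matching versus a profile learned from audit data.

Illustration added for this page; not the paper's code. The 'audit data'
is a constructed list of per-session command names, and the learned
profile (first-order command transitions) is an assumed stand-in for the
authors' data mining algorithm.
"""
from collections import Counter


def pairwise(seq):
    """Consecutive (a, b) transitions of a session."""
    return list(zip(seq, seq[1:]))


# Constructed normal audit sessions used to build the profile.
NORMAL_TRAIN = [
    ["login", "ls", "cat", "vi", "make", "logout"],
    ["login", "ls", "cd", "ls", "vi", "logout"],
    ["login", "cd", "make", "make", "logout"],
    ["login", "ls", "cat", "cat", "logout"],
    ["login", "cd", "ls", "vi", "make", "logout"],
    ["login", "ls", "vi", "make", "make", "logout"],
]

# Constructed held-out normal sessions for measuring false positives.
NORMAL_TEST = [
    ["login", "ls", "vi", "make", "logout"],
    ["login", "cd", "cat", "vi", "logout"],
    ["login", "ls", "cp", "ls", "logout"],   # rare but legitimate use of cp
    ["login", "make", "make", "logout"],
]

# Misuse signature: the exact command sequence of one known attack (assumed).
SIGNATURE = ["cat", "cp", "chmod"]

# Constructed attack sessions: the known pattern, and a modified variant
# (a noise command inserted, two steps swapped) that evades the signature.
ATTACKS = {
    "original": ["login", "cat", "cp", "chmod", "logout"],
    "modified": ["login", "cat", "ls", "chmod", "cp", "logout"],
}


def misuse_detect(session, signature=SIGNATURE):
    """Misuse detection: the signature must appear as a contiguous subsequence."""
    n = len(signature)
    return any(session[i:i + n] == signature
               for i in range(len(session) - n + 1))


class TransitionProfile:
    """Normal-behaviour profile mined from audit sessions: counts of which
    command follows which. Transitions never seen in training are anomalous."""

    def __init__(self, sessions):
        self.counts = Counter(t for s in sessions for t in pairwise(s))

    def anomaly_score(self, session):
        """Fraction of the session's transitions never seen in training."""
        transitions = pairwise(session)
        if not transitions:          # a one-command session has no transitions
            return 0.0
        unseen = sum(1 for t in transitions if self.counts[t] == 0)
        return unseen / len(transitions)

    def detect(self, session, threshold):
        return self.anomaly_score(session) > threshold


def false_positive_rate(detector, normal_sessions):
    """Share of known-normal sessions the detector flags."""
    return sum(1 for s in normal_sessions if detector(s)) / len(normal_sessions)


def evaluate(threshold=0.8):
    """Compare both detectors on the attack sessions and on held-out normal data."""
    profile = TransitionProfile(NORMAL_TRAIN)

    def learned(session):
        return profile.detect(session, threshold)

    return {
        "signature": {k: misuse_detect(s) for k, s in ATTACKS.items()},
        "signature_fpr": false_positive_rate(misuse_detect, NORMAL_TEST),
        "learned": {k: learned(s) for k, s in ATTACKS.items()},
        "learned_fpr": false_positive_rate(learned, NORMAL_TEST),
    }


if __name__ == "__main__":
    for thr in (0.8, 0.5):
        print(thr, evaluate(thr))
```

At threshold 0.8 the signature catches only the original attack with no false positives, while the learned profile catches both attacks, also with no false positives. Lowering the threshold to 0.5 flags one benign held-out session (the unusual but legitimate use of cp), which is the trade-off the abstract refers to: the training audit data must be representative enough, and the threshold chosen accordingly, so that rare-but-normal behaviour is not reported as an intrusion.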
Citations & Related Records
Times Cited by KSCI: 1
1 R. Buschkes, M. Borning, and D. Kesdogan, 'Transaction-based Anomaly Detection', Proc. of the Workshop on Intrusion Detection and Network Monitoring, USENIX, Apr. 1999
2 T. Lane, 'Filtering Technique for Rapid User Classification', In Proceedings of the AAAI-98/ICML-98 Joint Workshop on AI Approaches to Time Series Analysis, 1998
3 ETRI (Electronics and Telecommunications Research Institute), 'Internet Security Technology/Market Report', Dec. 2001
4 Samuel I. Schaen, 'Network Auditing: Issues and Recommendations', IEEE 7th Computer Security Applications Conference, pp. 66-79, Dec. 1991
5 Cheri Dowell and Paul Ramstedt, 'The Computer Watch Data Reduction Tool', In Proceedings of the 13th National Computer Security Conference, pp. 99-108, Washington DC, Oct. 1990
6 Abdelaziz Mounji, Baudouin Le Charlier, Denis Zampunieris and Naji Habra, 'Distributed Audit Trail Analysis', Proc. 2000
7 정종근, 이윤배, 'Design of a Data Mining Intrusion Detection System for New Intrusion Patterns', Journal of the Institute of Electronics Engineers of Korea, Vol. 39, TE series, No. 1, pp. 77-87, Mar. 2002
8 U. Fayyad, G. Piatetsky-Shapiro and P. Smyth, 'The KDD Process for Extracting Useful Knowledge from Volumes of Data', Communications of the ACM, 39(11):27-34, Nov. 1996
9 W. Lee, S. J. Stolfo and K. W. Mok, 'Mining Audit Data to Build Intrusion Detection Models', In Proceedings of the 4th International Conference on Knowledge Discovery and Data Mining, New York, NY, Aug. 1998
10 Anup K. Ghosh, 'Learning Program Behavior Profiles for Intrusion Detection', Proc. of the Workshop on Intrusion Detection and Network Monitoring, Apr. 1999
11 P. Proctor, 'Audit Reduction and Misuse Detection in Heterogeneous Environments: Framework and Application', Proc. 10th Annual Computer Security Applications Conference, Dec. 1994