http://dx.doi.org/10.13089/JKIISC.2002.12.5.63

Network Anomaly Detection based on Association among Packets  

Sang-Hyun Oh (Department of Computer Science, Yonsei University)
Won-Suk Lee (Department of Computer Science, Yonsei University)
Abstract
Recently, intrusions into computers have increased rapidly, and various intrusion methods have been developed. As a result, much research has been performed to detect the activities of intruders effectively. In this paper, a new association mining algorithm for anomaly-based network intrusion detection is proposed. The proposed algorithm is composed of two different phases: intra-packet association and inter-packet association. The performance of the proposed anomaly detection system is evaluated in several experiments over various system parameters in order to identify the practical ranges that maximize its detection rate. As a result, an anomaly can be detected effectively.
Keywords
Anomaly detection; intrusion detection; data mining; association rules