http://dx.doi.org/10.13089/JKIISC.2006.16.6.111

Negative Selection Algorithm based Multi-Level Anomaly Intrusion Detection for False-Positive Reduction  

Kim, Mi-Sun (Mokpo National University)
Park, Kyung-Woo (Mokpo National University)
Seo, Jae-Hyun (Mokpo National University)
Abstract
As the Internet grows rapidly, network attack techniques are changing and new attack types are appearing. Existing network-based intrusion detection systems detect well-known attacks well, but their false-positive or false-negative rates against unknown attacks are high. In addition, existing network-based intrusion detection systems have difficulty detecting attacks in real time over large volumes of network packet data, and in recognizing and responding to new attack types. A method is therefore required that raises the detection rate across large and varied datasets and reduces false positives. In this paper, we propose a method to reduce false positives using a multi-level detection algorithm that combines the multidimensional Apriori algorithm and a modified Negative Selection algorithm. We apply this algorithm to intrusion detection and confirm that it performs well.
Keywords
Intrusion Detection System; False-Positive; Association Rule Mining; Negative Selection Algorithm; Anomaly Detection;