http://dx.doi.org/10.13089/JKIISC.2009.19.1.71

An Efficient Method for Detecting Denial of Service Attacks Using Kernel Based Data  

Chung, Man-Hyun (Graduate School of Information Management and Security, Korea University)
Cho, Jae-Ik (Graduate School of Information Management and Security, Korea University)
Chae, Soo-Young (The Attached Institute of ETRI)
Moon, Jong-Sub (Graduate School of Information Management and Security, Korea University)
Abstract
Currently much research is being done on host-based intrusion detection using system calls, which are one portion of kernel-based data. Sequence-based and frequency-based preprocessing methods are the ones mostly used in research on intrusion detection with system calls. Because of the large volume of data and the number of system call types, this preprocessing requires a significant amount of time, which makes real-time intrusion detection systems difficult to implement. Despite this disadvantage, the frequency-based method, which requires a relatively small amount of preprocessing time, is the one usually used. This paper proposes an effective method for detecting denial of service attacks using the frequency-based method. Principal Component Analysis (PCA) will be used to select the principal system calls, a Bayesian network will be composed from them, and a Bayesian classifier will be used for the classification.
Keywords
System call; Principal Component Analysis; Denial of Service; Host based IDS;
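As an added illustration of the pipeline the abstract describes (example code written for this page, not the authors' implementation): each system-call trace is reduced to a frequency vector, the first principal component of the frequency matrix ranks system calls by loading so that only the principal ones are kept, and a Bayesian classifier is trained on the kept calls. Assumptions: a multinomial naive Bayes classifier with Laplace smoothing stands in for the Bayesian network the paper composes; the traces, the system-call vocabulary and the cutoff of k = 3 calls are constructed for the example; power iteration on the covariance matrix replaces a library PCA so the block runs without numpy.

```python
from collections import Counter
from math import log, sqrt

# Constructed sample traces (not real kernel data). Normal sessions mix file
# and network calls; the DoS-style sessions are dominated by accept().
NORMAL_TRACES = [
    "open read read write close stat open read close".split(),
    "stat open read write close mmap munmap open read close".split(),
    "open read read read write close brk open read close".split(),
    "socket connect send recv close open read close".split(),
]
DOS_TRACES = [
    "socket bind listen accept accept accept accept accept close".split(),
    "accept accept accept accept recv accept accept accept".split(),
    "socket accept accept accept accept accept accept accept".split(),
    "accept accept accept accept accept accept accept listen".split(),
]
VOCAB = sorted({call for trace in NORMAL_TRACES + DOS_TRACES for call in trace})


def freq_vector(trace, vocab=VOCAB):
    """Frequency-based preprocessing: relative frequency of every call in vocab."""
    counts = Counter(trace)
    return [counts[call] / len(trace) for call in vocab]


def first_principal_component(rows, iters=300):
    """Loadings of the first principal component of the row matrix.

    Power iteration on the sample covariance matrix (assumption: stands in
    for a full PCA so the example needs no numpy)."""
    n, d = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(d)]
    centered = [[r[j] - means[j] for j in range(d)] for r in rows]
    cov = [[sum(x[i] * x[j] for x in centered) / (n - 1) for j in range(d)]
           for i in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
        norm = sqrt(sum(x * x for x in w)) or 1.0
        v = [x / norm for x in w]
    return v


def select_principal_calls(traces, k=3, vocab=VOCAB):
    """Keep the k system calls with the largest absolute PC1 loading."""
    loadings = first_principal_component([freq_vector(t, vocab) for t in traces])
    ranked = sorted(range(len(vocab)), key=lambda j: -abs(loadings[j]))
    return [vocab[j] for j in ranked[:k]]


class NaiveBayesSyscallClassifier:
    """Multinomial naive Bayes over the selected calls (assumption: a
    simplification of the paper's Bayesian network, with Laplace smoothing)."""

    def __init__(self, features, alpha=1.0):
        self.features = list(features)
        self.alpha = alpha
        self.prior = {}
        self.cond = {}

    def fit(self, labelled):
        """labelled: iterable of (trace, label) pairs."""
        labelled = list(labelled)
        label_counts = Counter(label for _, label in labelled)
        self.prior = {l: c / len(labelled) for l, c in label_counts.items()}
        for label in label_counts:
            counts = Counter(call for trace, lbl in labelled if lbl == label
                             for call in trace if call in self.features)
            denom = sum(counts.values()) + self.alpha * len(self.features)
            self.cond[label] = {f: (counts[f] + self.alpha) / denom
                                for f in self.features}

    def predict(self, trace):
        """Return the label with the highest log posterior for the trace."""
        scores = {}
        for label, prior in self.prior.items():
            scores[label] = log(prior) + sum(
                log(self.cond[label][call]) for call in trace
                if call in self.features)
        return max(scores, key=scores.get)


def build_detector(k=3):
    """Select principal calls from all traces, then train the classifier."""
    labelled = [(t, "normal") for t in NORMAL_TRACES] + [(t, "dos") for t in DOS_TRACES]
    features = select_principal_calls([t for t, _ in labelled], k)
    clf = NaiveBayesSyscallClassifier(features)
    clf.fit(labelled)
    return features, clf


if __name__ == "__main__":
    feats, clf = build_detector()
    print("principal calls:", feats)
    print(clf.predict("socket accept accept accept accept close".split()))
    print(clf.predict("open read read write close".split()))
```

The preprocessing cost the abstract talks about shows up here as a single pass over each trace (`freq_vector`); the PCA step is run once on training data, and at detection time only the handful of selected calls are counted, which is what makes the frequency-based approach attractive for near real-time use. On real traces the number of calls kept and the classifier's thresholds would have to be tuned against the false-positive rate.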