http://dx.doi.org/10.13089/JKIISC.2012.22.3.545

A New Method to Detect Anomalous State of Network using Information of Clusters  

Lee, Ho-Sub (The Attached Institute of ETRI)
Park, Eung-Ki (The Attached Institute of ETRI)
Seo, Jung-Taek (The Attached Institute of ETRI)
Abstract
The rapid development of information technology is making large changes in our lives today. Infrastructure and services are also being combined with information technology, which foreshadows another huge change in our environment. However, the development of information technology brings various types of side effects, and these side effects not only cause financial loss but can also develop into a nationwide crisis. Therefore, the detection of and quick reaction to these side effects is critical, and much research is being done. Intrusion detection systems are one example of such research. However, intrusion detection systems mostly tend to focus on judging whether particular traffic or files are malicious or not. It is also difficult for intrusion detection systems to detect newly developed malicious code. Therefore, this paper proposes a method which determines whether the present network model is normal or abnormal by comparing it with past network situations.
Keywords
Intrusion Detection System; Machine Learning; Clustering;