http://dx.doi.org/10.3745/KIPSTC.2005.12C.7.1007

Selection of Detection Measures using Relative Entropy based on Network Connections  

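Mun Gil-Jong (Chonnam National University, Interdisciplinary Program of Information Security)
Kim Yong-Min (Yosu National University, Division of Information Technology)
Kim Dongkook (Chonnam National University, Division of Electronics, Computer and Information Engineering)
Noh Bong-Nam (Chonnam National University, Division of Electronics, Computer and Information Engineering)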
Abstract
Generating rules or patterns for detecting attacks from network traffic is very difficult. Detection rules and patterns are usually generated from experts' experience, which consumes considerable manpower, management expense, time and so on. This paper proposes statistical methods that effectively detect intrusions and attacks without relying on experts' experience. The methods select useful measures from among the measures of a network connection (session) and use them to detect attacks. We extracted network session data for normal traffic and for each attack, and selected the measures useful for detecting attacks using relative entropy. We then built probability patterns and detected attacks using likelihood ratio testing. The detection method controls the detection rate and false positive rate using a threshold. We evaluated the performance of the proposed method using the KDD CUP 99 data set. This paper presents results comparing the proposed method with the detection rules of a decision tree algorithm. The results show that the proposed methods are useful for detecting intrusions and attacks.
Keywords
Intrusion Detection; Relative Entropy; Likelihood Ratio; Network Measures;
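The pipeline the abstract outlines (rank session measures by relative entropy, build probability patterns, decide with a thresholded likelihood ratio) can be sketched as follows. This is an added example, not the paper's code. The three categorical measures, the Laplace smoothing, the D(attack || normal) direction, the independence assumption across measures and the sample sessions are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sessions (protocol, flag, service); not real KDD CUP 99 records.
NORMAL = [("tcp", "SF", "http")] * 6 + [("tcp", "SF", "smtp")] * 2 + [("udp", "SF", "dns")] * 2
ATTACK = [("tcp", "S0", "http")] * 7 + [("tcp", "S0", "smtp")] * 2 + [("tcp", "SF", "http")]
MEASURES = ("protocol", "flag", "service")

def distribution(sessions, idx, values, alpha=1.0):
    """Laplace-smoothed probability pattern of one measure (smoothing is an assumption)."""
    counts = Counter(s[idx] for s in sessions)
    total = len(sessions) + alpha * len(values)
    return {v: (counts[v] + alpha) / total for v in values}

def relative_entropy(p, q):
    """D(p || q) = sum_x p(x) * log2(p(x) / q(x)); smoothing keeps q(x) > 0."""
    return sum(p[x] * math.log2(p[x] / q[x]) for x in p)

def build_model(normal, attack):
    """Per measure: index, normal pattern, attack pattern, D(attack || normal)."""
    model = {}
    for i, name in enumerate(MEASURES):
        values = sorted({s[i] for s in normal + attack})
        p_n = distribution(normal, i, values)
        p_a = distribution(attack, i, values)
        model[name] = (i, p_n, p_a, relative_entropy(p_a, p_n))
    return model

def select_measures(model, k):
    """Keep the k measures whose attack pattern diverges most from normal."""
    return sorted(model, key=lambda m: model[m][3], reverse=True)[:k]

def log_likelihood_ratio(session, model, selected):
    """Sum of ln P(x|attack)/P(x|normal) over selected measures (independence assumed)."""
    llr = 0.0
    for name in selected:
        i, p_n, p_a, _ = model[name]
        if session[i] in p_a:  # a value never seen in training contributes nothing
            llr += math.log(p_a[session[i]] / p_n[session[i]])
    return llr

def detect(session, model, selected, threshold=0.0):
    """Raising the threshold lowers false positives at the cost of detection rate."""
    return log_likelihood_ratio(session, model, selected) > threshold

if __name__ == "__main__":
    m = build_model(NORMAL, ATTACK)
    for name in select_measures(m, len(MEASURES)):
        print(f"{name}: {m[name][3]:.3f} bits")
```

On this constructed data the connection flag dominates the ranking, so a detector built on it alone separates the two classes, while protocol and service carry almost no information.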