http://dx.doi.org/10.5762/KAIS.2010.11.11.4553

Implementation of abnormal behavior detection Algorithm and Optimizing the performance of Algorithm

Shin, Dae-Cheol (Division of Electronics and Computer, Hanseo University)
Kim, Hong-Yoon (Division of Electronics and Computer, Hanseo University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society, v.11, no.11, 2010, pp. 4553-4562
Abstract
As networks develop, information security is becoming increasingly important, and many intrusion detection systems have been developed as a result. An intrusion detection system can detect abnormal behavior and unknown intrusions, and it can also detect intrusions by using patterns learned from various penetration methods. Various algorithms are currently being studied, such as statistical methods for detecting abnormal behavior, extracting abnormal behavior, and developing patterns that can be anticipated. This study uses clustering and association rule mining from data mining to analyze the detection areas covered by these two models, and it helps in designing a detection system that detects abnormal behavior, unknown attacks, and misuse attacks in a large network.
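As an added illustration of the association-rule half of the approach (this is example code, not the paper's implementation), the following Python mines frequent itemsets Apriori-style from constructed connection records, derives high-confidence rules describing normal traffic, and scores a connection by how many of those rules it violates; the attribute names, values and records are hypothetical.

```python
from itertools import combinations
from collections import Counter

# Constructed sample (hypothetical, not the paper's data): one attribute=value item set per connection.
CONNECTIONS = [
    {"proto=tcp", "service=http", "flag=SF", "bytes=small"},
    {"proto=tcp", "service=http", "flag=SF", "bytes=small"},
    {"proto=tcp", "service=http", "flag=SF", "bytes=large"},
    {"proto=udp", "service=dns", "flag=SF", "bytes=small"},
    {"proto=udp", "service=dns", "flag=SF", "bytes=small"},
    {"proto=tcp", "service=smtp", "flag=SF", "bytes=small"},
]

def frequent_itemsets(records, min_support):
    """Apriori: level-wise itemsets whose support (fraction of records) >= min_support."""
    n = len(records)
    support = {}
    counts = Counter(item for r in records for item in r)
    current = {frozenset([i]) for i, c in counts.items() if c / n >= min_support}
    k = 1
    while current:
        for s in current:
            support[s] = sum(1 for r in records if s <= r) / n
        k += 1
        # Join (k-1)-itemsets; keep only candidates whose every (k-1)-subset is frequent
        cands = set()
        for a in current:
            for b in current:
                u = a | b
                if len(u) == k and all(frozenset(t) in current for t in combinations(u, k - 1)):
                    cands.add(u)
        current = {c for c in cands if sum(1 for r in records if c <= r) / n >= min_support}
    return support

def association_rules(support, min_conf):
    """Rules X -> y (single-item consequent) with confidence = sup(X u y) / sup(X) >= min_conf."""
    rules = []
    for s, sup in support.items():
        if len(s) < 2:
            continue
        for y in s:
            x = s - {y}
            conf = sup / support[x]
            if conf >= min_conf:
                rules.append((x, y, conf))
    return rules

def anomaly_score(record, rules):
    """Number of 'normal' rules whose antecedent holds for the record but whose consequent fails."""
    return sum(1 for x, y, _ in rules if x <= record and y not in record)
```

A connection that matches many antecedents but breaks their consequents (for example UDP traffic carrying a service never seen over UDP) scores high, while a record drawn from the normal profile scores zero.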
Keywords
Abnormal behavior; Algorithm; Clustering; Association;