Effective intrusion detection model through the combination of a signature-based intrusion detection system and a machine learning-based intrusion detection system

Authors: Ill-Young Weon, Doo Heon Song, Chang-Hoon Lee

DOI:

Keywords: Signature (logic), False alarm, Field (computer science), Principal (computer security), Artificial intelligence, Data set, Anomaly-based intrusion detection system, Intrusion detection system, Machine learning, Constant false alarm rate, Computer science

Abstract: In the field of network intrusion detection, both signature-based detection systems and machine learning-based detection systems possess advantages and disadvantages. When the two discrepant systems are combined in such a way that the former is used as the main system and the latter as a supporting system, the supporting system measures the validity of the alarms determined by the main system and filters out any false alarms. What is more, such an approach can also detect attacks that the main system itself cannot detect. The objective of this paper is to propose such a model and to show that it is more efficient than each individual system. We used the DARPA Data Set in our experiments in order to verify the usefulness of the model. Snort was used for the experiment, extended with IBL (Instance-Based Learner) as the principal learning algorithm. To compare the performances of the algorithms, C4.5 was also used.
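The two-stage arrangement the abstract describes, as an added example that is not code from the paper: Snort-style signature alarms are the primary detector, and an instance-based learner trained on labelled past alarms verifies each one and discards those it judges to be false alarms. The alert feature schema, the labelled history and a plain k-nearest-neighbour vote standing in for the paper's IBL variant are all assumptions of this example.

```python
"""Signature IDS as the main system, an instance-based learner as the
supporting system that verifies each alarm before it is reported."""
from math import sqrt

# Hypothetical alert schema: (rule_id, bytes, pkts, duration_s[, label]).
# Labelled history of earlier alarms, constructed for this example;
# label 1 = confirmed attack, label 0 = false alarm.
HISTORY = [
    (1000, 60000, 400, 2.0, 1), (1000, 58000, 390, 1.8, 1),
    (1000, 1200, 8, 0.3, 0),    (1000, 900, 6, 0.2, 0),
    (2000, 300, 3, 0.1, 0),     (2000, 350, 4, 0.1, 0),
    (2000, 20000, 150, 5.0, 1), (2000, 21000, 160, 5.2, 1),
]

def _scale(history):
    """Per-feature maxima used to bring numeric features onto [0, 1]."""
    cols = list(zip(*[h[1:4] for h in history]))
    return [max(c) or 1.0 for c in cols]

def distance(a, b, scale):
    """Rule-id mismatch costs a fixed penalty; numeric features are
    compared after scaling so that byte counts do not dominate."""
    d = 0.0 if a[0] == b[0] else 1.0
    d += sum(((x - y) / s) ** 2 for x, y, s in zip(a[1:4], b[1:4], scale))
    return sqrt(d)

def ibl_verify(history, alert, k=3):
    """Instance-based verdict: majority label of the k nearest stored
    alarms. Returns True when the alarm is judged a real attack."""
    scale = _scale(history)
    nearest = sorted(history, key=lambda h: distance(alert, h, scale))[:k]
    votes = sum(h[4] for h in nearest)
    return votes * 2 > k

def filter_alarms(history, alerts, k=3):
    """Supporting stage: keep only the signature alarms the learner confirms."""
    return [a for a in alerts if ibl_verify(history, a, k)]

# Constructed incoming signature alarms (rule_id, bytes, pkts, duration_s).
INCOMING = [
    (1000, 61000, 410, 2.1),   # resembles the confirmed attacks for rule 1000
    (1000, 1000, 7, 0.25),     # resembles earlier false alarms for rule 1000
    (2000, 19000, 140, 4.8),   # resembles the confirmed attacks for rule 2000
]

if __name__ == "__main__":
    for alert in INCOMING:
        verdict = "attack" if ibl_verify(HISTORY, alert) else "false alarm"
        print(alert, "->", verdict)
```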
