
Paper

Quantitative intrusion intensity assessment for intrusion detection systems

https://doi.org/10.1002/sec.419

  • Authors: Dong Seong Kim, Sang Min Lee, Tae Hwan Kim, Jong Sou Park
  • Journal: SECURITY AND COMMUNICATION NETWORKS 5
  • Indexing type:
  • Publication date: (2012)


One of the main problems of existing approaches to anomaly detection in intrusion detection systems (IDSs) is that IDSs provide only a binary detection result: intrusion (attack) or normal. If some attack data or normal data belong to the boundary, they may be classified wrongly. That is a main cause of high false rates and inaccurate detection rates in IDSs. We propose a new approach named Quantitative Intrusion Intensity Assessment (QIIA) that exploits proximity metrics computation so that it provides a quantitative intrusion (or normal) intensity value. It is capable of representing how proximal an instance of audit data is to intrusion or normal as a numerical value. This can identify unknown intrusion and normal patterns more accurately. Prior to applying QIIA to audit data, we perform feature selection and parameter optimization of detection models to decrease the overhead of processing audit data and to enhance detection rates. Random Forests is used to generate proximity metrics that represent the intrusion intensity (and normal instance intensity) numerically. The numerical value is used to determine whether unknown audit data are intrusion or normal. We carry out several experiments on the KDD 1999 dataset, and the experimental results show the feasibility of our approach. Copyright © 2012 John Wiley & Sons, Ltd.

