Network Intrusion Detection Using Statistical Probability Distribution
It is very difficult to select useful measures and to generate patterns that detect attacks from network traffic. Patterns for detecting intrusions are usually generated from experts' experience, which requires a great deal of man-power, management expense and time. This paper proposes statistical methods for detecting attacks without relying on experts' experience. The methods select detection measures from the features of network connections and then detect attacks. We extracted normal data and data for each attack from network connections, and selected the measures for detecting attacks by relative entropy. We also built probability patterns and detected attacks by likelihood ratio. In this method the detection rate and the false positive rate are controlled by varying the threshold. We used the KDD CUP 99 dataset to evaluate the performance of the proposed methods.
Keywords: False Positive Rate; Intrusion Detection; Relative Entropy; Anomaly Detection; Intrusion Detection System
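The two steps the abstract describes, measure selection by relative entropy and detection by likelihood ratio against a threshold, worked through as an added example; this is not the paper's code or data. It assumes a handful of KDD-style categorical and binned measures (`protocol_type`, `flag`, `src_bytes_bin`, the last being a constructed bucketing of src_bytes), constructed connection records for a normal class and one attack class, Laplace smoothing of the probability patterns so no likelihood is zero, divergence measured as D(P_attack || P_normal), and a naive independence assumption so the per-measure log-likelihood ratios add. The patterns are built and scored on the same constructed records purely to keep the example small; a real evaluation would score held-out connections.

```python
"""Relative-entropy measure selection and likelihood-ratio detection on
constructed KDD-style connection records (added example, not the paper's code)."""
import math
from collections import Counter

# Hypothetical measure set; the KDD CUP 99 dataset has 41 features, these three
# stand in for them (src_bytes_bin is a constructed bucketing of src_bytes).
FEATURES = ["protocol_type", "flag", "src_bytes_bin"]
SUPPORT = {
    "protocol_type": ["tcp", "udp", "icmp"],
    "flag": ["SF", "S0", "REJ"],
    "src_bytes_bin": ["small", "medium", "large"],
}

# Constructed sample records, one tuple per connection, ordered as FEATURES.
NORMAL = [
    ("tcp", "SF", "medium"), ("tcp", "SF", "medium"), ("tcp", "SF", "large"),
    ("udp", "SF", "small"), ("tcp", "SF", "medium"), ("udp", "SF", "small"),
    ("tcp", "SF", "large"), ("tcp", "REJ", "small"),
]
ATTACK = [
    ("tcp", "S0", "small"), ("tcp", "S0", "small"), ("tcp", "S0", "small"),
    ("tcp", "REJ", "small"), ("tcp", "S0", "small"), ("tcp", "S0", "small"),
    ("icmp", "SF", "small"), ("tcp", "S0", "small"),
]


def distribution(records, feature, alpha=1.0):
    """Laplace-smoothed probability pattern of one measure over one class."""
    idx = FEATURES.index(feature)
    counts = Counter(r[idx] for r in records)
    support = SUPPORT[feature]
    total = len(records) + alpha * len(support)
    return {v: (counts[v] + alpha) / total for v in support}


def relative_entropy(p, q):
    """D(p || q) in nats over a shared support; q is smoothed, so never zero."""
    return sum(p[v] * math.log(p[v] / q[v]) for v in p if p[v] > 0)


def select_measures(normal, attack, k):
    """Rank measures by D(P_attack || P_normal) and keep the k most divergent."""
    score = {f: relative_entropy(distribution(attack, f), distribution(normal, f))
             for f in FEATURES}
    return sorted(FEATURES, key=lambda f: score[f], reverse=True)[:k]


def build_patterns(normal, attack, measures):
    """Per-class probability patterns for the selected measures."""
    return ({f: distribution(normal, f) for f in measures},
            {f: distribution(attack, f) for f in measures})


def log_likelihood_ratio(record, normal_patterns, attack_patterns):
    """Sum of log(P_attack(v) / P_normal(v)) over the selected measures,
    treating the measures as independent (an assumption of this example)."""
    llr = 0.0
    for f in normal_patterns:
        v = record[FEATURES.index(f)]
        llr += math.log(attack_patterns[f][v] / normal_patterns[f][v])
    return llr


def evaluate(normal, attack, normal_patterns, attack_patterns, threshold):
    """Alarm when LLR > threshold; return (detection_rate, false_positive_rate)."""
    detected = sum(log_likelihood_ratio(r, normal_patterns, attack_patterns) > threshold
                   for r in attack)
    false_alarms = sum(log_likelihood_ratio(r, normal_patterns, attack_patterns) > threshold
                       for r in normal)
    return detected / len(attack), false_alarms / len(normal)


def run_demo(threshold, k=2):
    """Select k measures, build patterns, and score the constructed records."""
    measures = select_measures(NORMAL, ATTACK, k)
    normal_p, attack_p = build_patterns(NORMAL, ATTACK, measures)
    return measures, evaluate(NORMAL, ATTACK, normal_p, attack_p, threshold)


if __name__ == "__main__":
    for t in (0.0, 1.0):
        measures, (dr, fpr) = run_demo(t)
        print(f"threshold={t:.1f} measures={measures} "
              f"detection_rate={dr:.3f} false_positive_rate={fpr:.3f}")
```

Raising the threshold from 0.0 to 1.0 on these records trades detection rate for false positive rate, which is the control the abstract describes; `flag` ranks first because its attack and normal patterns diverge most, while `protocol_type` contributes little and is dropped at k=2.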