Network Intrusion Detection Using Statistical Probability Distribution

  • Gil-Jong Mun
  • Yong-Min Kim
  • DongKook Kim
  • Bong-Nam Noh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3981)


It is very difficult to select useful measures and to generate patterns for detecting attacks from the network. Patterns for detecting intrusions are usually generated from experts' experience, which requires a lot of manpower, management expense and time. This paper proposes statistical methods for detecting attacks without relying on experts' experience. The methods select the detection measures from the features of network connections and then detect attacks. We extracted normal data and data for each attack from network connections, and selected the measures for detecting attacks by relative entropy. We also built probability patterns and detected attacks by likelihood ratio. The detection rates and the false positive rates were controlled by varying the threshold in the method. We used the KDD CUP 99 dataset to evaluate the performance of the proposed methods.
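As an added illustration (not code from the paper, whose exact procedure this page does not give), the sketch below ranks connection features by relative entropy between attack and normal distributions, scores records by log-likelihood ratio, and shows how the threshold trades detection rate against false positive rate. The toy records, Laplace smoothing, independence between measures and all function names are assumptions.

```python
import math
from collections import Counter

FEATURES = ("protocol", "flag", "service")
# Constructed toy connection records, not KDD CUP 99 data.
NORMAL = [("tcp", "SF", "http")] * 6 + [("udp", "SF", "dns")] * 3 + [("tcp", "REJ", "http")]
ATTACK = [("tcp", "S0", "http")] * 7 + [("tcp", "S0", "smtp")] * 2 + [("tcp", "SF", "http")]

def distribution(records, idx, values, alpha=1.0):
    """Laplace-smoothed probability of each value of feature idx (assumed smoothing)."""
    counts = Counter(r[idx] for r in records)
    total = len(records) + alpha * len(values)
    return {v: (counts[v] + alpha) / total for v in values}

def relative_entropy(p, q):
    """D(p || q) in bits for two distributions over the same values."""
    return sum(p[v] * math.log2(p[v] / q[v]) for v in p)

def build_patterns(normal, attack):
    """Per feature: (index, P(value|attack), P(value|normal), relative entropy)."""
    patterns = {}
    for i, name in enumerate(FEATURES):
        values = sorted({r[i] for r in normal + attack})
        p_att, p_norm = distribution(attack, i, values), distribution(normal, i, values)
        patterns[name] = (i, p_att, p_norm, relative_entropy(p_att, p_norm))
    return patterns

def select_measures(patterns, k):
    """Keep the k features whose attack and normal distributions differ most."""
    return sorted(patterns, key=lambda n: patterns[n][3], reverse=True)[:k]

def log_likelihood_ratio(record, patterns, measures):
    """Sum of log P(v|attack)/P(v|normal), treating measures as independent (assumption)."""
    score = 0.0
    for name in measures:
        i, p_att, p_norm, _ = patterns[name]
        if record[i] in p_att:  # values never seen in training carry no evidence
            score += math.log(p_att[record[i]] / p_norm[record[i]])
    return score

def rates(normal, attack, patterns, measures, threshold):
    """Detection rate and false positive rate when alerting on score > threshold."""
    hit = lambda r: log_likelihood_ratio(r, patterns, measures) > threshold
    return sum(map(hit, attack)) / len(attack), sum(map(hit, normal)) / len(normal)

if __name__ == "__main__":
    pats = build_patterns(NORMAL, ATTACK)
    chosen = select_measures(pats, 2)
    for t in (0.0, -2.0):
        print(chosen, t, rates(NORMAL, ATTACK, pats, chosen, t))
```

On this toy data, lowering the threshold from 0.0 to -2.0 catches the one attack record that looks like normal traffic, at the cost of alerting on most normal connections.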


Keywords: False Positive Rate; Intrusion Detection; Relative Entropy; Anomaly Detection; Intrusion Detection System





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Gil-Jong Mun (1)
  • Yong-Min Kim (2)
  • DongKook Kim (3)
  • Bong-Nam Noh (3)

  1. Interdisciplinary Program of Information Security, Chonnam National University, Gwangju, Korea
  2. Dept. of Electronic Commerce, Chonnam National University, Yeosu, Korea
  3. Div. of Electronics Computer & Information Engineering, Chonnam National University, Gwangju, Korea
