A Neural Network Model for Detection Systems Based on Data Mining and False Errors

  • Se-Yul Lee
  • Bong-Hwan Lee
  • Yeong-Deok Kim
  • Dong-Myung Shin
  • Chan-Hyun Youn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4097)


Nowadays, computer network systems play an increasingly important role in our society. They have become the target of a wide array of malicious attacks that can turn into actual intrusions. This is the reason why computer security has become an essential concern for network administrators. Intrusions can wreak havoc on LANs. And the time and cost to repair the damage can grow to extreme proportions. Instead of using passive measures to fix and patch security holes, it is more effective to adopt proactive measures against intrusions. Recently, several IDS have been proposed and they are based on various technologies. However, these techniques, which have been used in many systems, are useful only for detecting the existing patterns of intrusion. It can not detect new patterns of intrusion. Therefore, it is necessary to develop a new technology of IDS that can find new patterns of intrusion. This paper investigates the asymmetric costs of false errors to enhance the detection systems performance. The proposed method utilizes a network model considering the cost ratio of false errors. Compared with false positive, this scheme accomplishes both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that effectiveness of probe detection can be enhanced by considering the costs of false errors.


Intrusion Detection Intrusion Detection System Cost Ratio Pattern Comparator False Positive Error 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Lee, W., Stolfo, S.J.: A data mining framework for building intrusion detection models. In: IEEE Symposium on Security and Privacy, pp. 209–220 (1999)Google Scholar
  2. 2.
    Esaoo, M., Safavi-Naini, R., Balachadran, B.: Case-based reasoning for intrusion detection. In: 12th Annual Computer Security Application Conference, pp. 214–223 (1996)Google Scholar
  3. 3.
    Denning, D.E.: An intrusion detection model. IEEE Trans. S. E. SE-13(2), 222–232 (1987)CrossRefGoogle Scholar
  4. 4.
    Richards, K.: Network based intrusion detection: a review of technologies. Computer and Security, 671–682 (1999)Google Scholar
  5. 5.
    Debar, H., Dacier, M.: Towards a taxonomy of intrusion detection systems. Computer Networks, pp. 805–822 (1989)Google Scholar
  6. 6.
    Debar, H., Becker, M.: A neural network component for an intrusion detection system. In: IEEE Computer Society Symposium Research in Security and Privacy, pp. 240–250 (1992)Google Scholar
  7. 7.
    Weber, R.: Information Systems Control and Audit. In: IEEE Symposium on Security and Privacy, pp. 120–128 (1999)Google Scholar
  8. 8.
    Lippmann, R.P.: Improving intrusion detection performance using keyword selection and neural networks. Computer Networks 24, 597–603 (2000)CrossRefGoogle Scholar
  9. 9.
    Jasper, R.J., Huang, M.Y.: A large scale distributed intrusion detection framework based on attack strategy analysis. Computer Networks 31, 2465–2475 (1999)CrossRefGoogle Scholar
  10. 10.
    Ilgun, K., Kemmerer, R.A.: Ustat: a real time intrusion system for UNIX. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 16–28 (1993)Google Scholar
  11. 11.
    Hubbards, B., Haley, T., McAuliffe, L., Schaefer, L., Kelem, N., Walcott, D., Feiertag, R., Schaefer, M.: Computer system intrusion detection, 120–128 (1990)Google Scholar
  12. 12.
    Vaccaro, H.S.: Detection of anomalous computer session activity. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 280–289 (1989)Google Scholar
  13. 13.
    Helman, P.: Statistical foundations of audit trail analysis for the detection of computer misuse. IEEE Transactions on software engineering 19, 861–901 (1993)CrossRefGoogle Scholar
  14. 14.
    Lee, S.Y.: Design and analysis of probe detection systems for TCP networks. International Journal of Advanced Computational Intelligence & Intelligent Informatics 8, 369–372 (2004)Google Scholar
  15. 15.
    Lee, S.Y.: An Adaptive probe detection model using fuzzy cognitive maps, Ph. D. Dissertation, Daejeon University (2003)Google Scholar
  16. 16.
    Park, S.J.: A Probe Detection Model using the analysis of the Session Patterns on the Internet Service, ph. D. Dissertation, Daejeon University (2003)Google Scholar
  17. 17.
    Maxion, R.A.: Masquerade detection truncated command lines. In: International Conference on Dependable Systems and Networks, pp. 219–228 (2002)Google Scholar
  18. 18.
    Joo, D.J.: The Design Analysis of Intrusion Detection Systems using Data Mining, Ph. D. Dissertation, Korea Advanced Institute of Science and Technology (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Se-Yul Lee
    • 1
  • Bong-Hwan Lee
    • 2
  • Yeong-Deok Kim
    • 3
  • Dong-Myung Shin
    • 4
  • Chan-Hyun Youn
    • 5
  1. 1.Department of Computer ScienceChungwoon UniversityChungnamKorea
  2. 2.Department of Electrical & Computer EngineeringUniversity of FloridaGainesvilleU.S.A.
  3. 3.Department of Computer Information Science & EngineeringWoosong UniversityDaejeonKorea
  4. 4.Korea Information Security AgencyIT Infrastructure Protection Division Applied Security Technology TeamSeoulKorea
  5. 5.School of EngineeringICUDaejeonKorea

Personalised recommendations