DOI: 10.1145/1066677.1067006
Article

Enhancing network intrusion detection systems with interval methods

Published: 13 March 2005
    Abstract

    Two main approaches for network intrusion detection are misuse detection [6] and anomaly detection [11]. The limitation of the misuse approach is that it cannot effectively detect new patterns of intrusion that are not precisely encoded in the system [11]. The anomaly detection approach usually produces a large number of false alarms [1, 7]. In addition, anomaly detection requires intensive computation on a large amount of training data to characterize normal behavior patterns. In this paper, we apply interval technology to enhance network intrusion detection systems (IDS). By storing network state data in an interval-valued bi-temporal database, we sample the stream of network states more effectively. We represent the likelihood of intrusions with an m x n interval-valued rule matrix that can be obtained from the database with relatively low computational complexity. By grouping nearby patterns into intervals, we may significantly reduce false alarms. The O(n) computational cost of maintaining the rules makes it possible to integrate the IDS with network management systems for almost real-time automatic network control. Our probabilistic approach with the rule matrix model can be further applied to study the pattern evolution of network intrusions.

    References

    [1] R. Bace and P. Mell, "Intrusion Detection Systems," NIST Special Publication on Intrusion Detection Systems, National Institute of Standards and Technology, 2000.
    [2] D. Barbara, N. Wu, and S. Jajodia (Eds.), "Applications of Data Mining in Computer Security," Kluwer Academic Publishers, 2002.
    [3] S. Bridges and R. Vaughn, "Fuzzy Data Mining and Genetic Algorithms Applied to Intrusion Detection," Proceedings of the 23rd National Information Security Conference, 2000.
    [4] P. Chen, A. de Korvin, and C. Hu, "Association Analysis with Interval Valued Fuzzy Sets and Body of Evidence," Proceedings of the 2002 IEEE World Congress on Computational Intelligence, pp. 518--523, 2002.
    [5] A. de Korvin, C. Hu, and P. Chen, "Generating and Applying Rules for Interval Valued Fuzzy Observations," Lecture Notes in Computer Science, Vol. 3177, pp. 279--284, Springer-Verlag, 2004.
    [6] K. Ilgun, R. A. Kemmerer, and P. A. Porras, "State Transition Analysis: A Rule-based Intrusion Detection Approach," IEEE Transactions on Software Engineering, Vol. 21, No. 3, pp. 181--199, March 1995.
    [7] K. Julisch, "Clustering Intrusion Detection Alarms to Support Root Cause Analysis," ACM Transactions on Information and System Security, Vol. 6, No. 4, pp. 443--471, November 2003.
    [8] S. Kumar and E. Spafford, "A Software Architecture to Support Misuse Intrusion Detection," Proceedings of the 18th National Information Security Conference, pp. 194--204, 1995.
    [9] S. Manganaris, M. Christensen, D. Zerkle, and K. Hermiz, "A Data Mining Analysis of RTID Alarms," Computer Networks, pp. 571--577, 2000.
    [10] J. F. Roddick and M. Spiliopoulou, "A Survey of Temporal Knowledge Discovery Paradigms and Methods," IEEE Transactions on Knowledge and Data Engineering, Vol. 14, No. 4, pp. 750--767, 2002.
    [11] A. Seleznyov and S. Puuronen, "Anomaly Intrusion Detection Systems: Handling Temporal Relations between Events," Recent Advances in Intrusion Detection (RAID), 1999.
    [12] R. T. Snodgrass (Ed.), "The TSQL2 Temporal Query Language," Chapter 10, Kluwer Academic Publishers, 1995.
    [13] M. Spiliopoulou and J. F. Roddick, "Higher Order Mining: Modeling and Mining the Results of Knowledge Discovery," Proceedings of the Second International Conference on Data Mining Methods and Databases, 2000.
    [14] D. C. Verma, "Simplifying Network Administration Using Policy-based Management," IEEE Network Magazine, Vol. 16, No. 2, pp. 20--26, March 2003.


    Published In

    SAC '05: Proceedings of the 2005 ACM symposium on Applied computing
    March 2005
    1814 pages
    ISBN:1581139640
    DOI:10.1145/1066677
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. interval method
    2. intrusion detection
    3. network control

    Qualifiers

    • Article

    Conference

    SAC05
    Sponsor:
    SAC05: The 2005 ACM Symposium on Applied Computing
    March 13--17, 2005
    Santa Fe, New Mexico

    Acceptance Rates

    Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

    Article Metrics

    • Downloads (Last 12 months)5
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 27 Jul 2024

    Cited By

    • (2022) "Anomaly Detection in Crowdsourced Work with Interval-Valued Labels," Information Processing and Management of Uncertainty in Knowledge-Based Systems, pp. 504--516, doi:10.1007/978-3-031-08971-8_42. Online publication date: 4 July 2022.
    • (2015) "A Temporal Pattern Mining Based Approach for Intrusion Detection Using Similarity Measure," Proceedings of the International Conference on Engineering & MIS 2015, pp. 1--8, doi:10.1145/2832987.2833077. Online publication date: 24 September 2015.
    • (2012) "Network Anomaly Detection Using Random Forests and Entropy of Traffic Features," Proceedings of the 2012 Fourth International Conference on Multimedia Information Networking and Security, pp. 926--929, doi:10.1109/MINES.2012.146. Online publication date: 2 November 2012.
    • (2009) "Interval Rule Matrices for Decision Making," Knowledge Processing with Interval and Soft Computing, pp. 1--12, doi:10.1007/978-1-84800-326-2_6. Online publication date: 27 March 2009.
