Anomaly Detection Model Using THRE-KBANN

  • Shim, Dong-Hee (Jeonju University, School of Information Technology and Computer Engineering)
  • Published : 2001.09.25

Abstract

As the Internet has come into use everywhere, illegal intrusion into a host or network has become a critical factor in security. Although many anomaly detection models have been proposed that use statistical analysis, data mining, or genetic algorithms/programming to detect illegal intrusions, these models are weak at detecting new types of intrusions. This paper proposes THRE-KBANN (theory-refinement knowledge-based artificial neural network), which is based on KBANN and can learn continuously, as an anomaly detection model. The performance of this model is compared with that of a model based on data mining using experimental data. The model's ability to learn continually in order to detect new types of intrusions is also evaluated.
