Anomaly Intrusion Detection using Fuzzy Membership Function and Neural Networks


  • Published : 2004.10.01

Abstract

With the expansion of computer networks and the rapid growth of the Internet, the information infrastructure is now able to provide a wide range of services. In particular, the open architecture that is inherent to the Internet has not only made it harder to offer QoS and to manage networks, but has also left users vulnerable to both the threat of hacking and information leakage. It has therefore become important both to take active, prompt, real-time action against intrusion threats and to analyze patterns similar to intrusions that are already known. Much research on intrusion detection systems (IDS) is now under way. This paper studies an intrusion detection system that uses a supervised learning algorithm and a fuzzy membership function, specifically a neuro-fuzzy model, in order to improve its performance. It modifies the tan-sigmoid transfer function of the neural network into a fuzzy membership function so as to reduce the uncertainty of anomaly intrusion detection. Finally, the fuzzy logic suggested here has been applied to a network-based anomaly intrusion detection system, tested against intrusion data offered by the DARPA 2000 Intrusion Data Sets, and proven to overcome the shortcomings that anomaly intrusion detection usually has.

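With the expansion of computer networks and the rapid increase in Internet use, today's information and communication infrastructure provides a variety of services by connecting computer systems over networks. The Internet in particular has an open architecture, which makes it difficult to guarantee quality of service and to manage the network, and the weaknesses of the infrastructure leave it exposed to threats such as hacking and information leakage by others. Methods for responding actively to security threats, and for responding in real time when the same or a similar type of incident occurs after an intrusion, have therefore become important, and intrusion detection systems are being actively studied as a solution. To improve the performance of an intrusion detection system based on a supervised learning algorithm, this paper studies an anomaly intrusion detection system built on a neuro-fuzzy model, which applies fuzzy logic as a method of resolving uncertainty. Specifically, the transfer function used in neural network learning was modified into a fuzzy membership function for resolving uncertainty, and supervised learning was carried out with it. The proposed neuro-fuzzy technique was applied, using DARPA intrusion data, to network-based anomaly intrusion detection that overcomes the limitations of misuse detection, and its performance was verified.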
