• Title/Summary/Keyword: Intrusion Pattern Classification

Search Result 14, Processing Time 0.028 seconds

An Intrusion Detection System Using Pattern Classification (패턴 분류를 이용한 침입탐지 시스템 모델)

  • 윤은준;김현성;부기동
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • 2002.11a
    • /
    • pp.59-65
    • /
    • 2002
  • Recently, lots of researchers work focused on the intrusion detection system. Pattern matching technique is commonly used to detect the intrusion in the system, However, the method requires a lot of time to match between systems rule and inputted packet data. This paper proposes a new intrusion detection system based on the pattern matching technique. Proposed system reduces the required time for pattern matching by using classified system rule. The classified rule is implemented with a general tree for efficient pattern matching. Thereby, proposed system could perform network intrusion detection efficiently.

  • PDF

An Intrusion Detection System Using Pattern Classification (패턴 분류를 이용한 침입탐지 시스템 모델)

  • 윤은준;김현성;부기동
    • Proceedings of the Korea Society for Industrial Systems Conference
    • /
    • 2002.11a
    • /
    • pp.59-65
    • /
    • 2002
  • Recently, lots of researchers work focused on the intrusion detection system. Pattern matching technique is commonly used to detect the intrusion in the system, However, the method requires a lot of time to match between systems rule and inputted packet data. This paper proposes a new intrusion detection system based on the pattern matching technique. Proposed system reduces the required time for pattern matching by using classified system rule. The classified rule is implemented with a general tree for efficient pattern matching. Thereby, proposed system could perform network intrusion detection efficiently.

  • PDF

Modificated Intrusion Pattern Classification Technique based on Bayesian Network (베이지안 네트워크 기반의 변형된 침입 패턴 분류 기법)

  • Cha Byung-Rae;Park Kyoung-Woo;Seo Jae-Hyeon
    • Journal of Internet Computing and Services
    • /
    • v.4 no.2
    • /
    • pp.69-80
    • /
    • 2003
  • Program Behavior Intrusion Detection Technique analyses system calls that called by daemon program or root authority, constructs profiles, and detectes modificated anomaly intrusions effectively. In this paper, the relation among system calls of processes is represented by bayesian network and Multiple Sequence Alignment. Program behavior profiling by Bayesian Network classifies modified anomaly intrusion behaviors, and detects anomaly behaviors. we had simulation by proposed normal behavior profiling technique using UNM data.

  • PDF

Optimizing Intrusion Detection Pattern Model for Improving Network-based IDS Detection Efficiency

  • Kim, Jai-Myong;Lee, Kyu-Ho;Kim, Jong-Seob;Kim, Kuinam J.
    • Convergence Security Journal
    • /
    • v.1 no.1
    • /
    • pp.37-45
    • /
    • 2001
  • In this paper, separated and optimized pattern database model is proposed. In order to improve efficiency of Network-based IDS, pattern database is classified by proper basis. Classification basis is decided by the specific Intrusions validity on specific target. Using this model, IDS searches only valid patterns in pattern database on each captured packets. In result, IDS can reduce system resources for searching pattern database. So, IDS can analyze more packets on the network. In this paper, proper classification basis is proposed and pattern database classified by that basis is formed. And its performance is verified by experimental results.

  • PDF

Intrusion Detection System using Pattern Classification with Hashing Technique (패턴분류와 해싱기법을 이용한 침입탐지 시스템)

  • 윤은준;김현성;부기동
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.8 no.1
    • /
    • pp.75-82
    • /
    • 2003
  • Computer and network security has recently become a popular subject due to the explosive growth of the Internet Especially, attacks based on malformed packet are difficult to detect because these attacks use the skill of bypassing the intrusion detection system and Firewall. This paper designs and implements a network-based intrusion detection system (NIDS) which detects intrusions with malformed-packets in real-time. First, signatures, rules in NIDS like Snouts rule files, are classified using similar properties between signatures NIDS creates a rule tree applying hashing technique based on the classification. As a result the system can efficiently perform intrusion detection.

  • PDF

BAYESIAN CLASSIFICATION AND FREQUENT PATTERN MINING FOR APPLYING INTRUSION DETECTION

  • Lee, Heon-Gyu;Noh, Ki-Yong;Ryu, Keun-Ho
    • Proceedings of the KSRS Conference
    • /
    • 2005.10a
    • /
    • pp.713-716
    • /
    • 2005
  • In this paper, in order to identify and recognize attack patterns, we propose a Bayesian classification using frequent patterns. In theory, Bayesian classifiers guarantee the minimum error rate compared to all other classifiers. However, in practice this is not always the case owing to inaccuracies in the unrealistic assumption{ class conditional independence) made for its use. Our method addresses the problem of attribute dependence by discovering frequent patterns. It generates frequent patterns using an efficient FP-growth approach. Since the volume of patterns produced can be large, we propose a pruning technique for selection only interesting patterns. Also, this method estimates the probability of a new case using different product approximations, where each product approximation assumes different independence of the attributes. Our experiments show that the proposed classifier achieves higher accuracy and is more efficient than other classifiers.

  • PDF

Reinforcement Data Mining Method for Anomaly&Misuse Detection (침입탐지시스템의 정확도 향상을 위한 개선된 데이터마이닝 방법론)

  • Choi, Yun Jeong
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.1
    • /
    • pp.1-12
    • /
    • 2010
  • Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks,from 0.62 to 0.84 about 35%.

Implementation of Realtime Face Recognition System using Haar-Like Features and PCA in Mobile Environment (모바일 환경에서 Haar-Like Features와 PCA를 이용한 실시간 얼굴 인증 시스템)

  • Kim, Jung Chul;Heo, Bum Geun;Shin, Na Ra;Hong, Ki Cheon
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.2
    • /
    • pp.199-207
    • /
    • 2010
  • Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks, from 0.62 to 0.84 about 35%.

An Intelligent Intrusion Detection Model Based on Support Vector Machines and the Classification Threshold Optimization for Considering the Asymmetric Error Cost (비대칭 오류비용을 고려한 분류기준값 최적화와 SVM에 기반한 지능형 침입탐지모형)

  • Lee, Hyeon-Uk;Ahn, Hyun-Chul
    • Journal of Intelligence and Information Systems
    • /
    • v.17 no.4
    • /
    • pp.157-173
    • /
    • 2011
  • As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. This means the fatal damage can be caused by these intrusions in the government agency, public office, and company operating various systems. For such reasons, there are growing interests and demand about the intrusion detection systems (IDS)-the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under the normal situations. However, they show poor performance when they meet a new or unknown pattern of the network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. Especially, artificial neural networks (ANNs) have popularly been applied in the prior studies because of its superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of the large sample size, and the lack of understanding the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt support vector machine (SVM), the classification technique that is more stable and powerful compared to ANNs. SVM is known as a relatively high predictive power and generalization capability. Under this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering total cost of misclassification in IDS, it is more reasonable to assign heavier weights on FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt(2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using random sampling method. In addition, the SVM model was compared with the logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model. As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.

The Study on matrix based high performance pattern matching by independence partial match (독립 부분 매칭에 의한 행렬 기반 고성능 패턴 매칭 방법에 관한 연구)

  • Jung, Woo-Sug;Kwon, Taeck-Geun
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.9B
    • /
    • pp.914-922
    • /
    • 2009
  • In this paper, we propose a matrix based real-time pattern matching method, called MDPI, for real-time intrusion detection on several Gbps network traffic. Particularly, in order to minimize a kind of overhead caused by buffering, reordering, and reassembling under the circumstance where the incoming packet sequence is disrupted, MDPI adopts independent partial matching in the case dealing with pattern matching matrix. Consequently, we achieved the performance improvement of the amount of 61% and 50% with respect to TCAM method efficiency through several experiments where the average length of the Snort rule set was maintained as 9 bytes, and w=4 bytes and w=8bytes were assigned, respectively, Moreover, we observed the pattern scan speed of MDPI was 10.941Gbps and the consumption of hardware resource was 5.79LC/Char in the pattern classification of MDPI. This means that MDPI provides the optimal performance compared to hardware complexity. Therefore, by decreasing the hardware cost came from the increased TCAM memory efficiency, MDPI is proven the cost effective high performance intrusion detection technique.