Enhancing network intrusion detection systems with interval methods
Source: Symposium on Applied Computing
Proceedings of the 2005 ACM Symposium on Applied Computing
Santa Fe, New Mexico
SESSION: Reliable computations and their applications (RCA)
Pages: 1444-1448
Year of Publication: 2005
ISBN: 1-58113-964-0
Authors
Qiang Duan  University of Central Arkansas
Chenyi Hu  University of Central Arkansas
Han-Chieh Wei  University of Central Arkansas
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 4,   Downloads (12 Months): 90,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1066677.1067006

ABSTRACT

Two main approaches for network intrusion detection are misuse detection [6] and anomaly detection [11]. The limitation of the misuse approach is that it cannot effectively detect new patterns of intrusions that are not precisely encoded in the system [11]. The anomaly detection approach usually produces a large number of false alarms [1, 7]. In addition, anomaly detection requires intensive computations on a large amount of training data to characterize normal behavior patterns.

In this paper, we try to apply interval technology to enhance network intrusion detection systems (IDS). By storing network state data in an interval-valued bi-temporal database, we better sample the stream of network states. We represent the likelihood of intrusions associated with an m x n interval-valued rule matrix that can be obtained from the database with relatively low computational complexity. By grouping nearby patterns with intervals, we may significantly reduce false alarms. The O(n) computational cost of maintaining the rules makes it possible to integrate the IDS with network management systems for almost real-time automatic network control. Our probabilistic approach with the rule matrix model can be further applied to study the pattern evolution of network intrusions.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1. R. Bace and P. Mell, "Intrusion Detection Systems," Special Publication on Intrusion Detection Systems from National Institute of Standards and Technology, 2000.
2.
3. S. Bridges and R. Vaughn, "Fuzzy Data Mining and Genetic Algorithms Applied to Intrusion Detection," Proceeding of 23rd National Information Security Conference, 2000.
4. P. Chen, A. de Korvin, and C. Hu, "Association Analysis with Interval Valued Fuzzy Sets and Body of Evidence," Proceedings of the 2002 IEEE World Congress on Computational Intelligence, pp. 518--523, 2002.
5. A. de Korvin, C. Hu, and P. Chen, "Generating and Applying Rules for Interval Valued Fuzzy Observations," Lecture Notes in Computer Science, Vol. 3177, pp. 279--284, Springer-Verlag, 2004.
6.
7.
8. S. Kumar and E. Spafford, "A Software Architecture to Support Misuse Intrusion Detection," in 18th National Information Security Conference, pp. 194--204, 1995.
9.
10.
11. A. Seleznyov and S. Puuronen, "Anomaly Intrusion Detection Systems: Handling Temporal Relations between Events," in Recent Advances in Intrusion Detection, 1999.
12.
13. M. Spiliopoulou and J. F. Roddick, "Higher Order Mining: Modeling and Mining the Results of Knowledge Discovery," Proc. Second International Conference on Data Mining Methods and Databases, 2000.
14. D. C. Verma, "Simplifying Network Administration Using Policy-based Management," IEEE Network Magazine, Vol. 16, No. 2, pp. 20--26, March 2003.
