A MACHINE LEARNING APPROACH WITH VERIFICATION OF PREDICTIONS AND ASSISTED SUPERVISION FOR A RULE-BASED NETWORK INTRUSION DETECTION SYSTEM

José Ignacio Fernández-Villamor, Mercedes Garijo

Abstract

Network security is a branch of network management in which network intrusion detection systems provide attack detection features by monitorization of traffic data. Rule-based misuse detection systems use a set of rules or signatures to detect attacks that exploit a particular vulnerability. These rules have to be hand-coded by experts to properly identify vulnerabilities, which results in misuse detection systems having limited extensibility. This paper proposes a machine learning layer on top of a rule-based misuse detection system that provides automatic generation of detection rules, prediction verification and assisted classification of new data. Our system offers an overall good performance, while adding an heuristic and adaptive approach to existing rule-based misuse detection systems.

References

  1. Bashah, N. and Shanmugam, B. (2005). Artificial Intelligence Techniques Applied to Intrusion Detection. In IEEE Indicon Conference, Chennai, India.
  2. Bouzida, Y. and Cuppens, F. (2005). Neural networks vs. decision trees for intrusion detection. In Proceedings of the 43rd annual Southeast regional conference.
  3. Chavan, S., Shah, K., Dave, N., and Mukherjee, S. (2004). Adaptive Neuro-Fuzzy Intrusion Detection Systems. In Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04).
  4. Denning, D. (1987). An Intrusion-Detection Model. In IEEE transactions on software engineering.
  5. Deri, L., Suin, S., and Maselli, G. (2003). Design and implementation of an anomaly detection system: An empirical approach. In Proceedings of Terena TNC, 2003.
  6. Hoglund, A. J., Hatonen, K., and Sorvari, A. S. (2000). A Computer Host Based User Anomaly Detection System Using Self Organizing Maps. In Proceedings of the International Joint Conference on Neural Networks, IEEE IJCNN 2000, Vol. 5, pp. 411-416.
  7. Hunt, E. B. (1962). Concept learning: an information processing problem. Wiley.
  8. Kemmerer, R. A. and Vigna, G. (2005). Hi-DRA: Intrusion Detection for Internet Security. In Proceedings of the IEEE, October 2005.
  9. Kohonen, T. (1997). Self-Organizing Maps. SpringerVerlag New York, Inc.
  10. Kumar, S. and Spafford, E. (1994). A Pattern Matching Model for Misuse Intrusion Detection. In Proceedings of the 17th National Security Conference.
  11. Lee, W., Stolfo, S., and Mok, K. W. (1999). A Data Mining Framework for Building Intrusion Detection Models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy.
  12. Mukherjee, B., Heberlein, L. T., and Levitt, K. N. (1994). Network Intrusion Detection. In IEEE Network.
  13. Pfahringer, B. (1999). Winning the KDD99 classification cup: Bagged boosting. In ACM SIGKDD Explor., vol. 1, no. 2, pp 65-66.
  14. Quinlan, R. (1993). C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, Inc.
  15. Roesch, M. (1999). Snort - Lightweight Intrusion Detection for Networks. In Proceedings of the 13th USENIX conference on System administration.
  16. Sammon, J. W. (1969). A nonlinear mapping for data structure analysis. IEEE Transactions on Computers, C18(5):401-409, May 1969.
  17. University of California (1999). The Third International Knowledge Discovery and Data Mining Tools Competition Data. http://kdd.ics.uci.edu/ databases/kddcup99/kddcup99.html.
  18. Wuu, L. C. and Chen, S. F. (2003). Building Intrusion Pattern Miner for Snort Network Intrusion Detection System. In IEEE Computer Society.
  19. Ye, N., Emran, S., Li, X., and Chen, Q. (2001). Statistical Process Control for Computer Intrusion Detection. In Proceedings DISCEX II.
  20. Ye, N., Vilbert, S., and Chen, Q. (2003). Computer Intrusion Detection through EWMA for Auto Correlated and Uncorrelated Data. In IEEE Transactions on Reliability.
  21. Yu, Z., Tsai, J. J. P., and Weigert, T. (2007). An Automatically Tuning Intrusion Detection System. IEEE Transactions on Systems, Man, and cybernetics, vol. 37, no. 2, April 2007.
Download


Paper Citation


in Harvard Style

Ignacio Fernández-Villamor J. and Garijo M. (2008). A MACHINE LEARNING APPROACH WITH VERIFICATION OF PREDICTIONS AND ASSISTED SUPERVISION FOR A RULE-BASED NETWORK INTRUSION DETECTION SYSTEM . In Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8111-26-5, pages 143-148. DOI: 10.5220/0001524801430148


in Bibtex Style

@conference{webist08,
author={José Ignacio Fernández-Villamor and Mercedes Garijo},
title={A MACHINE LEARNING APPROACH WITH VERIFICATION OF PREDICTIONS AND ASSISTED SUPERVISION FOR A RULE-BASED NETWORK INTRUSION DETECTION SYSTEM},
booktitle={Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2008},
pages={143-148},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001524801430148},
isbn={978-989-8111-26-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - A MACHINE LEARNING APPROACH WITH VERIFICATION OF PREDICTIONS AND ASSISTED SUPERVISION FOR A RULE-BASED NETWORK INTRUSION DETECTION SYSTEM
SN - 978-989-8111-26-5
AU - Ignacio Fernández-Villamor J.
AU - Garijo M.
PY - 2008
SP - 143
EP - 148
DO - 10.5220/0001524801430148