A Clustering Method for Improving Performance of Anomaly-Based Intrusion Detection System
Abstract
Intrusion detection systems (IDS) have played a central role as an appliance for effectively defending our crucial computer systems and networks against attackers on the Internet. The most widely deployed and commercially available methods for intrusion detection employ signature-based detection. However, they intrinsically cannot detect unknown intrusions that do not match the signatures, and acquiring those signatures consumes huge amounts of cost and time. To cope with these problems, many researchers have proposed various kinds of methods based on unsupervised learning techniques. Although these enable one to construct an intrusion detection model with low cost and effort, and have the capability to detect unforeseen attacks, they still have two main problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we present a new clustering method to improve the detection rate while maintaining a low false positive rate. We evaluated our method using the KDD Cup 1999 data set. Evaluation results show the superiority of our approach over other existing algorithms reported in the literature.
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2008-05-01
Authors
- SONG Jungsuk (National Institute of Information and Communications Technology)
- Song Jungsuk (Graduate School of Informatics, Kyoto University)
- Okabe Yasuo (Kyoto University, Kyoto, Japan)
- Okabe Yasuo (Academic Center for Computing and Media Studies, Kyoto University)
- Takakura Hiroki (Academic Center for Computing and Media Studies, Kyoto University)
- Ohira Kenji (Graduate School of Informatics, Kyoto University)
- KWON Yongjin (Information and Telecommunication Engineering, Korea Aerospace University)
- Kwon Yongjin (Information and Telecommunication Engineering, Korea Aerospace University)
Related papers
- O-means: An Optimized Clustering Method for Analyzing Spam Based Attacks
- Multi-Bit Embedding in Asymmetric Digital Watermarking without Exposing Secret Information
- Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM
- A Tight Upper Bound on Online Buffer Management for Multi-Queue Switches with Bicodal Buffers
- A Tight Bound on Online Buffer Management for Two-Port Shared-Memory Switches
- A Comparative Study of Unsupervised Anomaly Detection Techniques Using Honeypot Data
- The Online Graph Exploration Problem on Restricted Graphs
- Special Section on New Challenge for Internet Technology and its Architecture
- Special Section on Discrete Mathematics and Its Applications
- A Novel Malware Clustering Method Using Frequency of Function Call Traces in Parallel Threads
- An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation