A Clustering Method for Improving Performance of Anomaly-Based Intrusion Detection System
Summary :
Intrusion detection system (IDS) has played a central role as an appliance to effectively defend our crucial computer systems or networks against attackers on the Internet. The most widely deployed and commercially available methods for intrusion detection employ signature-based detection. However, they cannot detect unknown intrusions intrinsically which are not matched to the signatures, and their methods consume huge amounts of cost and time to acquire the signatures. In order to cope with the problems, many researchers have proposed various kinds of methods that are based on unsupervised learning techniques. Although they enable one to construct intrusion detection model with low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we present a new clustering method to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that superiority of our approach to other existing algorithms reported in the literature.
- Publication
- IEICE TRANSACTIONS on Information Vol.E91-D No.5 pp.1282-1291
- Publication Date
- 2008/05/01
- Publicized
- Online ISSN
- 1745-1361
- DOI
- 10.1093/ietisy/e91-d.5.1282
- Type of Manuscript
- Special Section PAPER (Special Section on Information and Communication System Security)
- Category
- Network Security
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Jungsuk SONG, Kenji OHIRA, Hiroki TAKAKURA, Yasuo OKABE, Yongjin KWON, "A Clustering Method for Improving Performance of Anomaly-Based Intrusion Detection System" in IEICE TRANSACTIONS on Information,
vol. E91-D, no. 5, pp. 1282-1291, May 2008, doi: 10.1093/ietisy/e91-d.5.1282.
Abstract: Intrusion detection system (IDS) has played a central role as an appliance to effectively defend our crucial computer systems or networks against attackers on the Internet. The most widely deployed and commercially available methods for intrusion detection employ signature-based detection. However, they cannot detect unknown intrusions intrinsically which are not matched to the signatures, and their methods consume huge amounts of cost and time to acquire the signatures. In order to cope with the problems, many researchers have proposed various kinds of methods that are based on unsupervised learning techniques. Although they enable one to construct intrusion detection model with low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we present a new clustering method to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that superiority of our approach to other existing algorithms reported in the literature.
URL: https://globals.ieice.org/en_transactions/information/10.1093/ietisy/e91-d.5.1282/_p
Copy
@ARTICLE{e91-d_5_1282,
author={Jungsuk SONG, Kenji OHIRA, Hiroki TAKAKURA, Yasuo OKABE, Yongjin KWON, },
journal={IEICE TRANSACTIONS on Information},
title={A Clustering Method for Improving Performance of Anomaly-Based Intrusion Detection System},
year={2008},
volume={E91-D},
number={5},
pages={1282-1291},
abstract={Intrusion detection system (IDS) has played a central role as an appliance to effectively defend our crucial computer systems or networks against attackers on the Internet. The most widely deployed and commercially available methods for intrusion detection employ signature-based detection. However, they cannot detect unknown intrusions intrinsically which are not matched to the signatures, and their methods consume huge amounts of cost and time to acquire the signatures. In order to cope with the problems, many researchers have proposed various kinds of methods that are based on unsupervised learning techniques. Although they enable one to construct intrusion detection model with low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we present a new clustering method to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that superiority of our approach to other existing algorithms reported in the literature.},
keywords={},
doi={10.1093/ietisy/e91-d.5.1282},
ISSN={1745-1361},
month={May},}
Copy
TY - JOUR
TI - A Clustering Method for Improving Performance of Anomaly-Based Intrusion Detection System
T2 - IEICE TRANSACTIONS on Information
SP - 1282
EP - 1291
AU - Jungsuk SONG
AU - Kenji OHIRA
AU - Hiroki TAKAKURA
AU - Yasuo OKABE
AU - Yongjin KWON
PY - 2008
DO - 10.1093/ietisy/e91-d.5.1282
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E91-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2008
AB - Intrusion detection system (IDS) has played a central role as an appliance to effectively defend our crucial computer systems or networks against attackers on the Internet. The most widely deployed and commercially available methods for intrusion detection employ signature-based detection. However, they cannot detect unknown intrusions intrinsically which are not matched to the signatures, and their methods consume huge amounts of cost and time to acquire the signatures. In order to cope with the problems, many researchers have proposed various kinds of methods that are based on unsupervised learning techniques. Although they enable one to construct intrusion detection model with low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we present a new clustering method to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that superiority of our approach to other existing algorithms reported in the literature.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
