A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference

Hoang, Xuan Dau; Hu, Jiankun; Bertók, Péter

doi:10.1016/j.jnca.2009.05.004

Cited by 106 publications

(37 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hidden Markov models (HMMs) have also been applied for intrusion detection [23,27,29]. However, modeling the system calls alone may not always provide accurate classification as in such cases various connection level features are ignored.…”

Section: Related Workmentioning

confidence: 99%

A novel statistical technique for intrusion detection systems

Kabir

Wang

et al. 2018

Future Generation Computer Systems

Self Cite

186

View full text Add to dashboard Cite

This paper proposes a novel approach for intrusion detection system based on sampling with Least Square Support Vector Machine (LS-SVM). Decision making is performed in two stages. In the first stage, the whole dataset is divided into some predetermined arbitrary subgroups. The proposed algorithm selects representative samples from these subgroups such that the samples reflect the entire dataset. An optimum allocation scheme is developed based on the variability of the observations within the subgroups. In the second stage, least square support vector machine (LS-SVM) is applied to the extracted samples to detect intrusions. We call the proposed algorithm as optimum allocation-based least square support vector machine (OA-LS-SVM) for IDS. To demonstrate the effectiveness of the proposed method, the experiments are carried out on KDD 99 database which is considered a de facto benchmark for evaluating the performance of intrusions detection algorithm. All binary-classes and multiclass are tested and our proposed approach obtains a realistic performance in terms of accuracy and efficiency. Finally a way out is also shown the usability of the proposed algorithm for incremental datasets.

show abstract

Section: Related Workmentioning

confidence: 99%

A novel statistical technique for intrusion detection systems

Kabir

Wang

et al. 2018

Future Generation Computer Systems

Self Cite

186

View full text Add to dashboard Cite

show abstract

“…It can reliably detect UDP flooding attacks with traffic intensity as low as five to ten percent of the background intensity. Hoang et al [8 ] has proposed a fuzzy based scheme for the integration of HMM ano maly intrusion detection engine and normal-sequence database detection engine for program anomaly intrusion detection using system calls. Experimental design of the proposed method was based on the detection rate and the false positive rate.…”

Section: Intrusion Detection Systemmentioning

confidence: 99%

“…The Performance of the proposed approach is measured using the KDD cup dataset and it achieves high detection rate and low false alarm rates. Hoang X D et al [27] has proposed a program-based anomaly detection scheme using mu ltip le detection engines and fuzzy inference. The performance of the proposed method was evaluated using HMM training cost, false positive rate, anomaly signals and the detection rate.…”

Section: Powers S T Et Al [24]mentioning

confidence: 99%

Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets

Azad

Jha²

2013

IJITCS

View full text Add to dashboard Cite

Abstract-In the era of info rmation and communicat ion technology, Security is an important issue. A lot of effort and finance are being invested in this sector. Intrusion detection is one of the mos t prominent fields in this area. Data min ing in network intrusion detection can automate the network intrusion detection field with a greater efficiency. This paper presents a literature survey on intrusion detection system. The research papers taken in this literature survey are published fro m 2000 to 2012. We can see that almost 67 % of the research papers are focused on anomaly detection, 23 % on both anomaly and misuse detection and 10 % on misuse detection. In this literature survey statistics shows that 42 % KDD cup dataset, 20 % DA RPA dataset and 38 % other datasets are used by the different researchers for testing the effectiveness of their proposed method for misuse detection, anomaly detection or both.

show abstract

“…The objectives of developing the IDS are: (1) to monitor the activities of a given environment, and (2) to decide whether the activities are malicious or normal, depending on the integrity of the system and on the confidentiality and the information resources availability [3,16]. The following issues should be considered when building the IDS: (1) data collection, (2) data preprocessing, (3) intrusion recognition, Remove A i from DB_Alerts 23) Next I 24) }…”

Section: Reduction Ids Alert Processes Model (Rapm)mentioning

confidence: 99%

Collection Mechanism and Reduction of IDS Alert

HashimAl-Saedi¹,

Ramadass²,

Almomani³

et al. 2012

IJCA

View full text Add to dashboard Cite

Numerous techniques and approaches are used to address the threats that are faced by computer networks today's. Some of these reactive approaches involve Intrusion Detection System (IDS), malware data mining and network monitoring. Numerous false positive alerts are generated by the IDS, contributing negatively to system complexity and performance. In this paper, we present a new framework called collection mechanism and reduction of IDS alert framework (CMRAF) to remove duplicate IDS alerts and reduce the amount of false alerts. CMRAF is based on two models. The first model develops a mechanism to save IDS alerts, extract the standard features as intrusion detection message exchange format, and save them in DB file (CSVtype). The second model consists of three phases. The first phase removes redundant alerts, the second phase reduces false alerts based on threshold time value, and the last phase reduces false alerts based on rules with threshold common vulnerabilities and exposure value. We applied CMRAF on two environments: the Darpa 1999 and the NAv6 network center data sets. The result obtained from the experiment on Darpa 1999 data set recorded an 92% alert reduction rate, whereas that on the NAv6 data set recorded an 84% alert reduction rate. From the results, CMRAF was able to scale back a massive quantity of redundant alerts and effectively reduces false alerts.

show abstract

A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference

Cited by 106 publications

References 26 publications

A novel statistical technique for intrusion detection systems

A novel statistical technique for intrusion detection systems

Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets

Collection Mechanism and Reduction of IDS Alert

Contact Info

Product

Resources

About