Proceedings of the 3rd Annual ACM Workshop on Mining Network Data 2007
DOI: 10.1145/1269880.1269882
A three-tier IDS via data mining approach

Abstract: We introduce a three-tier architecture for an intrusion detection system that consists of a blacklist, a whitelist and a multi-class support vector machine (SVM) classifier. The first tier, the blacklist, filters the known attacks out of the traffic; the second tier, the whitelist, identifies normal traffic. The remaining traffic, the anomalies flagged by the whitelist, is then classified by a multi-class SVM classifier into four categories: PROBE, DoS, R2L and U2R. Many data mining and machine learning techniques…

Cited by 29 publications (23 citation statements)
References 15 publications
“…Many researchers have suggested that the monitoring capability of current IDS can be improved by taking a hybrid approach that consists of both anomaly as well as signature detection techniques (Lunt et al 1992;Anderson et al 1995;Porras and Neumann 1997;Hwang et al 2007;Fortuna et al 2007). The anomaly detection techniques aid in the detection of new or unknown zero day attacks while the signature detection techniques detect known attacks.…”
Section: Hybrid/ensemble Classifiers
“…Hwang et al (2007) have proposed a 3-tier hybrid approach to detect intrusions. The first tier of the system is a signature-based approach that filters the known attacks using the blacklist concept.…”
Section: Hybrid/ensemble Classifiers
“…The latter employs typical RF and its variant for outlier detection in misuse detection component and anomaly detection component. Hwang et al [16] provided a three-tier IDS with a similar design. They added an additional misuse detection component after the anomaly detection component (in stage 2); the misuse detection component classifies suspicious traffic into four classes: Denial of Service (DoS), Probing (Prb), user to remote (U2R) and remote to local (R2L) attacks.…”
Section: Related Studies
“…In 2000, Lippmann et al presented a relative study [20] of various classification algorithms for intrusion detection. A framework [21] that uses different classification algorithms to train classifiers on a dataset of benign and malicious executables, so that they can detect the category of a new executable, was developed by Schultz et al in 2001. In 2007, Hwang et al presented a 3-tier IDS architecture [22] that comprises three different lists: black list, white list and multi-class. The white list comprises normal traffic, the black list comprises the known attacks from the traffic, and the multi-class comprises the anomalies that are identified in the normal traffic.…”
Section: Related Work