Abstract
It is well known that signature-based intrusion detection systems can only detect known attacks. Unfortunately, current anomaly-based intrusion detection systems are also unable to detect every kind of new attack, because they are designed for restricted applications in limited environments. Attackers today use new attacks that neither access control systems nor current signature-based systems can prevent, with devastating consequences for information systems. We extend the notion of anomaly detection, introduce necessary conditions that should be taken into account when building detection models, and propose a new machine learning algorithm based on decision trees to discover known and unknown attacks in real time. Experimental results demonstrate that the proposed method is highly successful in detecting new attacks and significantly outperforms previous work.
This work was completed when the author was a PhD student at ENST Bretagne.
Keywords
- Intrusion Detection
- Confusion Matrix
- Anomaly Detection
- Intrusion Detection System
- Decision Tree Algorithm
© 2006 International Federation for Information Processing
Cite this paper
Bouzida, Y., Cuppens, F. (2006). Detecting Known and Novel Network Intrusions. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds) Security and Privacy in Dynamic Environments. SEC 2006. IFIP International Federation for Information Processing, vol 201. Springer, Boston, MA. https://doi.org/10.1007/0-387-33406-8_22
DOI: https://doi.org/10.1007/0-387-33406-8_22
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-33405-9
Online ISBN: 978-0-387-33406-6