Skip to main content
SpringerLink
Log in

Auto-generation of Detection Rules with Tree Induction Algorithm

  • Conference paper
Fuzzy Systems and Knowledge Discovery (FSKD 2005)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3614))

Included in the following conference series:

Abstract

A generation of rule for detecting an attack from enormous network data is very difficult, and this is commonly required an expert’s experiences. An auto-generation of detection rules cut down on maintenance or management expenses of intrusion detection systems, but the problem is accuracy for the time being. In this paper, we propose an automatic generation method of detection rules with a tree induction algorithm that is adequate to search special rules based on entropy theory. While we progress the experiment on rule generation and detection with extracted information from network session data, we found a problem in selecting measures. To solve the problem, we present a method of converting the continuous measures into categorical measures and a method of choosing a good measure according to the accuracy of the generated detection rules. As the result, the detection rules for each attack are automatically generated without any help of the experts. Also, the correctness of detection improves according to the selection of network measures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Mahoney, M., Chan, P.: Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks. In: Proc. of 8th ACM SIGKDD Int. C. on KDD, vol. 1, pp. 376–385 (2002)

    Google Scholar 

  2. Ross Quinlan, J.: C4.5: Programs for Machine Learning. Morgan Kaufmann Pub, San Francisco (1993)

    Google Scholar 

  3. Mahoney, M., Chan, P.: Learning Models of Network Traffic for Detecting Novel Attacks. Florida Institute of Tech. TR. CS-2002-08 (2002)

    Google Scholar 

  4. Mukkamala, S., Sung, A.: Identifying Significant Features for Network Forensic Analysis using Artificial Intelligent Techniques. Int. J. Digit. Evid 1 (2003)

    Google Scholar 

  5. Chris, S., Lyn, P., Sara, M.: An Application of Machine Learning to Network Intrusion Detection. 54th Ann. Computer Security Applications C. 12 (1999)

    Google Scholar 

  6. Kamber, H.: Data Mining Concepts and Techniques. Morgan Kaufmann Pub, San Francisco (2001)

    Google Scholar 

  7. Yoh-Han, P.: Adaptive Pattern Recognition and Neural Networks. Addison-Wesley, Reading (1989)

    MATH  Google Scholar 

  8. Dombi, J., Zsiros, A.: Learning Decision Trees in Continuous Space. Acta Cybernetica 15, 213–224 (2001)

    MATH  MathSciNet  Google Scholar 

  9. Das, K.: Attack Development for Intrusion Detection Evaluation, vol. 6. MIT Mast. Th., Cambridge (2000)

    Google Scholar 

  10. Ostermann, S.: TCPtrace (1994), http://www.tcptrace.org

Download references

Author information

Authors and Affiliations

  1. Dept. of Information Security, Mokpo Nat’l Univ., Mokpo, 534-729, Korea

    Minsoo Kim & Jae-Hyun Seo

  2. Electronics and Telecommunications Research Institute, Daejeon, 305-700, Korea

    Il-Ahn Cheong

  3. Div. of Electr-Comp. & Inform-Engin., Chonnam Nat’l Univ., Gwangju, 500-757, Korea

    Bong-Nam Noh

Authors
  1. Minsoo Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jae-Hyun Seo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Il-Ahn Cheong
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Bong-Nam Noh
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Electrical and Electronic Engineering, Nanyang Technological University, Block S1, Nanyang Avenue, 639798, Singapore

    Lipo Wang

  2. Honda Research Institute Europe GmbH, Offenbach/Main, Germany

    Yaochu Jin

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, M., Seo, JH., Cheong, IA., Noh, BN. (2005). Auto-generation of Detection Rules with Tree Induction Algorithm. In: Wang, L., Jin, Y. (eds) Fuzzy Systems and Knowledge Discovery. FSKD 2005. Lecture Notes in Computer Science(), vol 3614. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11540007_20

Download citation

  • DOI: https://doi.org/10.1007/11540007_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28331-7

  • Online ISBN: 978-3-540-31828-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation