Abstract
It is very difficult to select useful measures and to generate patterns for detecting attacks from the network. Intrusion-detection patterns are usually derived from experts' experience, which requires a great deal of manpower, management expense and time. This paper proposes statistical methods for detecting attacks without relying on experts' experience. The methods select detection measures from the features of network connections and then detect attacks. We extracted normal data and data for each attack from network connections, and selected the measures for detecting attacks by relative entropy. We also built probability patterns and detected attacks by likelihood ratio. The detection rates and the false positive rates were controlled by varying the threshold in the method. We used the KDD CUP 99 dataset to evaluate the performance of the proposed methods.
This work was supported (in part) by the Ministry of Information & Communications, Korea, under the Information Technology Research Center (ITRC) Support Program.
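The pipeline the abstract outlines (rank connection features by relative entropy, build probability patterns, score connections by likelihood ratio against a threshold) is sketched below as an added example; it is not the authors' code. The sample records, the Laplace smoothing, the direction D(attack || normal), the per-feature independence in the score and all function names are assumptions.

```python
import math
from collections import Counter

FEATURES = ("protocol", "service", "flag")
# Constructed sample connections (not KDD CUP 99 records).
NORMAL = [("tcp", "http", "SF")] * 6 + [("tcp", "smtp", "SF")] * 2 + [("udp", "dns", "SF")] * 2
ATTACK = [("tcp", "http", "S0")] * 7 + [("tcp", "smtp", "S0")] * 2 + [("tcp", "http", "SF")]

def distribution(records, idx, values, alpha=1.0):
    """Laplace-smoothed probability of each value of feature idx (smoothing is an assumption)."""
    counts = Counter(r[idx] for r in records)
    total = len(records) + alpha * len(values)
    return {v: (counts[v] + alpha) / total for v in values}

def relative_entropy(p, q):
    """D(p || q) over a shared, smoothed support, so every q[v] > 0."""
    return sum(p[v] * math.log(p[v] / q[v]) for v in p)

def build_model(normal, attack):
    """Per feature: index, normal pattern, attack pattern, D(attack || normal)."""
    model = {}
    for idx, name in enumerate(FEATURES):
        values = {r[idx] for r in normal + attack}
        p_norm = distribution(normal, idx, values)
        p_att = distribution(attack, idx, values)
        model[name] = (idx, p_norm, p_att, relative_entropy(p_att, p_norm))
    return model

def select_measures(model, k):
    """Keep the k features whose attack distribution diverges most from normal."""
    return sorted(model, key=lambda name: model[name][3], reverse=True)[:k]

def log_likelihood_ratio(record, model, measures, floor=1e-3):
    """Sum of log P(value | attack) / P(value | normal); unseen values get `floor`."""
    llr = 0.0
    for name in measures:
        idx, p_norm, p_att, _ = model[name]
        llr += math.log(p_att.get(record[idx], floor) / p_norm.get(record[idx], floor))
    return llr

def is_attack(record, model, measures, threshold=0.0):
    """A higher threshold flags fewer connections (fewer false positives, fewer detections)."""
    return log_likelihood_ratio(record, model, measures) > threshold

if __name__ == "__main__":
    model = build_model(NORMAL, ATTACK)
    measures = select_measures(model, 2)
    for rec in [("tcp", "http", "S0"), ("tcp", "http", "SF"), ("udp", "dns", "SF")]:
        print(rec, round(log_likelihood_ratio(rec, model, measures), 3), is_attack(rec, model, measures))
```

Sweeping `threshold` over held-out labelled connections gives the trade-off between detection rate and false positive rate that the abstract refers to.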
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Mun, GJ., Kim, YM., Kim, D., Noh, BN. (2006). Network Intrusion Detection Using Statistical Probability Distribution. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3981. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751588_36
DOI: https://doi.org/10.1007/11751588_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34072-0
Online ISBN: 978-3-540-34074-4
eBook Packages: Computer Science (R0)