Summary
The problem of network security and intrusion detection is discussed first, and then some data-mining-based methods for solving these problems are presented. The problems, possibilities, and methods of data mining solutions for intrusion detection are further analyzed. The art of rough-set-based solutions for network security and an application frame are also discussed. It is shown that the rough-set-based method is promising in terms of detection accuracy, training data set requirements, and efficiency. New rough-set-based techniques such as data reduction, incremental mining, uncertain data mining, and initiative data mining are suggested for intrusion detection systems.
This paper is partially supported by the National Natural Science Foundation of P.R. China (No. 60373111), the Key Science and Technology Research Foundation of the State Education Ministry of P.R. China, the Application Science Foundation of Chongqing of P.R. China, and the Science and Technology Research Program of the Municipal Education Committee of Chongqing of P.R. China.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, G., Chen, L., Wu, Y. (2005). Rough Set Based Solutions for Network Security. In: Monitoring, Security, and Rescue Techniques in Multiagent Systems. Advances in Soft Computing, vol 28. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-32370-8_35
DOI: https://doi.org/10.1007/3-540-32370-8_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23245-2
Online ISBN: 978-3-540-32370-9
eBook Packages: Engineering, Engineering (R0)