Abstract
In order to achieve the goal of high efficiency in intrusion detection systems, especially in the real-time attack detection environment, a compressed model is proposed in this paper. With the emergence of the new clustering methods, such as the affinity propagation, the idea of the compressed detection model tends to be mature as it is unnecessary to define the number of centers beforehand. The compressed model resulting from both the horizontal compression and the vertical compression is built with representative training data and useful attributes in each package. In addition, a distance matrix is extracted from previous steps for processing complex data. Experimental study based on two publicly available datasets presents that the compressed model proposed can effectively speed up the detection procedure (up to 184 times) and most importantly, a minimal accuracy difference is guaranteed as well (less than 1% on average).
Paper was partially supported by the National Natural Science Foundation of China under grant No.61103044, Zhejiang Natural Science Foundation of China under grant No.Y1110576.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Wenke, L., Salvatore, J.S.: Data Mining Approaches for Intrusion Detection. In: USENIX Security Symposium (1998)
Varun, C., Arindam, B., Vipin, K.: Anomaly Detection: A Survey. ACM Computing Surveys 41(3), 1–58 (2009)
Frey, B.J., Dueck, D.: Clustering by Passing Messages between Data Points. Science 315(5814), 972–976 (2007)
World Internet Usage Statistics, http://www.internetworldstats.com/stats.htm
Srinivas, M., Andrew, H.S.: Feature Selection for Intrusion Detection Using Neural Networks and Support Vector Machines. Annual Meeting of the Transportation Research Board (2003)
Srilatha, C., Ajith, A., Johnson, P.T.: Feature Duduction and Ensemble Design of Intrusion Detection Systems. Computer & Security – COMPSEC 24(4), 295–307 (2005)
Chang, C.C., Lin, C.J.: LIBSVM: A Library for Support Vector Machines. ACM Transactions on Intelligent Systems and Technology (TIST)Â 2(3), 27 (2011)
Information and Computer Science of University of California, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
The 3rd Cybersecurity Data Mining Competition, http://www.csmining.org/cdmc2012/
Martin, R.: Snort: Lightweight Intrusion Detection for Networks. In: USENIX Systems Administration Conference LISA, pp. 229–238 (1999)
Daniela, B., Kavé, S., Margin, M.: A Signal Processing View on Packet Sampling and Anomaly Detection. In: IEEE INFOCOM, pp. 713–721 (2010)
Yang, L., Tian-Bo, L., Li, G., Zhi-Hong, T., Lin, Q.: Optimizing Network Anomaly Detection Scheme Using Instance Selection Mechanism. In: Global Telecommunications Conference, pp. 1–7 (2009)
Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E.P., Ioannidis, S.: Gnort: High Performance Network Intrusion Detection Using Graphics Processors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 116–134. Springer, Heidelberg (2008)
Holte, R.C.: Very Simple Classification Rules Perform Well on Most Commonly Used Datasets. Machine Learning 11(1), 63–90 (1993)
Lincoln Laboratory, Massachusetts Institute of Technology, http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/index.html
Enrique, V.: New Formulation and Improvements of the Nearest-neighbor Approximating and Eliminating Search Algorithm. Pattern Recognition Letters 15(1), 1–7 (1994)
Levenshtein, V.I.: Binary Codes Capable of Correcting Deletions, Insertions and Reversals. Soviet Physics Doklady 10 (1966)
Joseph, B.K.: An Overview of Sequence Comparison: Time Warps, String Edits, and Macromolecules. Siam Review 25(2) (1983)
Victor, B.: Metric Spaces: Iteration and Application. Cambridge University Press (1985)
Noble, C.C., Cook, D.J.: Graph-based Anomaly Detection. In: 9th ACM SIGKDD, pp. 631–636 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jin, S., Kim, O., Chen, T. (2013). Efficient Attack Detection Based on a Compressed Model. In: Deng, R.H., Feng, T. (eds) Information Security Practice and Experience. ISPEC 2013. Lecture Notes in Computer Science, vol 7863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38033-4_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-38033-4_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38032-7
Online ISBN: 978-3-642-38033-4
eBook Packages: Computer ScienceComputer Science (R0)