
2004. 8. 24. Il-Ahn Cheong Linux Security Research Center Chonnam National University, Korea.


Slide 1: 2004. 8. 24. Il-Ahn Cheong, Linux Security Research Center, Chonnam National University, Korea

Slide 2 (WISA 2004, LSRC, Chonnam National University): Contents
- I. Introduction
- II. Related Works
- III. Automatic Generation of Rules using TIA
- IV. The Experiments
- V. Conclusions

Slide 3: I. Introduction
- Signature-based network intrusion detection
  - Requires more time to generate rules because it depends on the knowledge of experts
  - Detection quality varies with the choice of network measures
- Our approach
  - Automatically generate the detection rules using tree induction algorithms
  - Improve detection by selecting the network measures automatically
- Our expectations
  - Detection rules are generated independently of expert knowledge
  - Detection performance could be improved

Slide 4: II. Related Works
- Previous research
  - Florida Univ.: LERAD (Learning Rules for Anomaly Detection), generating conditional rules
  - New Mexico Univ.: SVM (Support Vector Machine), an SVM-based ranking method
  - Applied Research Lab. of Texas Univ.: NEDAA (Exploitation Detection Analyst Assistant), genetic algorithm and decision tree
- Problems
  - Use only a limited set of measures (src/dst IP/port, protocol, etc.)
  - Do not handle continuous measures

Slide 5: III. Automatic Generation of Rules (1/5)
- Tree induction algorithms
  - A classification method from data mining
  - The constructed trees provide superior measure selection and an easy explanation of the constructed tree models
- The C4.5 algorithm
  - Automatically builds trees by computing the IG (Information Gain), i.e. the entropy reduction, of each candidate split
  - Can classify data whose variables mix continuous and discrete attributes

Slide 6: Automatic Generation of Rules (2/5)
- Automatic generation model of rules

Slide 7: Automatic Generation of Rules (3/5)
- Modified C4.5 algorithm

Slide 8: Automatic Generation of Rules (4/5)
- Treatment of continuous distributions: f(x), Continuous -> Discrete
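Slides 5, 7 and 8 describe C4.5's entropy-reduction criterion and its conversion of a continuous measure into a binary (discrete) test. The following is an added illustration, not code from the presentation or the LSRC project: it computes entropy, information gain and C4.5's gain ratio over a constructed set of TCP sessions, finds the best midpoint threshold for a continuous measure, and turns the chosen split into readable rules. The measure names (duration, rst_sent, dst_port) and all values are constructed assumptions in the spirit of TCPtrace output, not the 80 measures used in the experiments.

```python
"""C4.5-style split selection on constructed TCP-session measures."""
import math
from collections import Counter

# Constructed toy sessions: (duration_sec, rst_sent, dst_port, label).
# The measure names are assumptions, not the slides' TCPtrace measures.
SESSIONS = [
    (0.01, 1, 23, "attack"),
    (0.02, 1, 23, "attack"),
    (0.03, 1, 21, "attack"),
    (0.05, 0, 23, "attack"),
    (12.0, 0, 80, "normal"),
    (3.4, 0, 80, "normal"),
    (45.1, 0, 22, "normal"),
    (0.9, 1, 80, "normal"),
]
MEASURES = {"duration": 0, "rst_sent": 1, "dst_port": 2}
CONTINUOUS = {"duration"}  # measures that need the threshold treatment
LABEL = 3


def entropy(rows):
    """Shannon entropy (bits) of the class label over a set of rows."""
    n = len(rows)
    if n == 0:
        return 0.0
    counts = Counter(r[LABEL] for r in rows)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def gain_and_ratio(rows, partitions):
    """Information gain (entropy reduction) of a partition, plus C4.5's
    gain ratio, which divides the gain by the split information so that
    many-valued attributes such as a port number are not favoured."""
    n = len(rows)
    gain = entropy(rows) - sum(len(p) / n * entropy(p) for p in partitions)
    split_info = -sum(len(p) / n * math.log2(len(p) / n)
                      for p in partitions if p)
    ratio = gain / split_info if split_info > 0 else 0.0
    return gain, ratio


def discrete_partition(rows, col):
    """One partition per distinct value of a discrete measure."""
    groups = {}
    for r in rows:
        groups.setdefault(r[col], []).append(r)
    return list(groups.values())


def best_threshold(rows, col):
    """C4.5 treatment of a continuous measure: every midpoint between
    consecutive sorted values is a candidate binary split (<= t vs > t);
    keep the one with the largest gain. Returns (gain, ratio, threshold)."""
    values = sorted({r[col] for r in rows})
    best = (0.0, 0.0, None)
    for lo, hi in zip(values, values[1:]):
        t = (lo + hi) / 2
        left = [r for r in rows if r[col] <= t]
        right = [r for r in rows if r[col] > t]
        gain, ratio = gain_and_ratio(rows, [left, right])
        if gain > best[0]:
            best = (gain, ratio, t)
    return best


def choose_split(rows):
    """Score every measure and return (name, gain, ratio, threshold) for the
    split with the highest gain ratio; threshold is None for discrete ones."""
    best_name, best_gain, best_ratio, best_t = None, 0.0, -1.0, None
    for name, col in MEASURES.items():
        if name in CONTINUOUS:
            gain, ratio, t = best_threshold(rows, col)
        else:
            gain, ratio = gain_and_ratio(rows, discrete_partition(rows, col))
            t = None
        if ratio > best_ratio:
            best_name, best_gain, best_ratio, best_t = name, gain, ratio, t
    return best_name, best_gain, best_ratio, best_t


def majority(rows):
    return Counter(r[LABEL] for r in rows).most_common(1)[0][0]


def rules_from_split(rows, name, threshold):
    """Turn a one-level split into human-readable detection rules."""
    col = MEASURES[name]
    if threshold is None:
        return [f"{name} == {p[0][col]} -> {majority(p)}"
                for p in discrete_partition(rows, col)]
    left = [r for r in rows if r[col] <= threshold]
    right = [r for r in rows if r[col] > threshold]
    return [f"{name} <= {threshold:g} -> {majority(left)}",
            f"{name} > {threshold:g} -> {majority(right)}"]


if __name__ == "__main__":
    name, gain, ratio, t = choose_split(SESSIONS)
    print(f"best split: {name} gain={gain:.3f} ratio={ratio:.3f} t={t}")
    for rule in rules_from_split(SESSIONS, name, t):
        print(rule)
```

On this toy data the discrete dst_port split also reaches an information gain of 1.0 bit, because every port value happens to be pure, but its gain ratio is well below 1.0; the duration threshold wins on gain ratio, which is the C4.5 behaviour that makes a continuous measure compete fairly once it has been discretised.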

Slide 9: Automatic Generation of Rules (5/5)
- Change of selection for network measures
- GRR (Good Rule Rate): used to select the measures having high priority; the threshold value 0.5 gives a binary result (G | B)
- R_G (Good Rule): affects the generation of detection rules positively; reflected in the next learning step
- R_B (Bad Rule): affects the generation of detection rules negatively; excluded from the next learning step
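The slide names GRR, its 0.5 threshold and the G/B/I result labels, but not the formula. The block below is an added illustration of that selection step, not the presentation's own code, and the definition it uses is an assumption: GRR(measure) = (number of good rules that test the measure) / (number of rules that test the measure), where a rule counts as good when its precision on held-out sessions reaches an assumed cutoff of 0.8; a measure that no rule tests gets I (Ignore), a GRR of exactly 0.5 is treated as G, and I measures are retained for the next step. The rules, measure names and counts are constructed.

```python
"""GRR-based measure selection between learning steps (assumed definition)."""

# Constructed rules from one learning step: the measures each rule tests and
# its true/false positive counts on a held-out session set.
RULES = [
    {"measures": ["duration", "rst_sent"], "tp": 40, "fp": 2},
    {"measures": ["duration", "dst_port"], "tp": 35, "fp": 5},
    {"measures": ["win_size", "dst_port"], "tp": 3, "fp": 30},
    {"measures": ["win_size"], "tp": 10, "fp": 12},
    {"measures": ["rst_sent", "ttl"], "tp": 20, "fp": 1},
]
# Constructed measure list; "pkts" is never tested by any rule.
ALL_MEASURES = ["duration", "rst_sent", "dst_port", "win_size", "ttl", "pkts"]

GRR_THRESHOLD = 0.5    # binary G|B cut, as on the slide
GOOD_PRECISION = 0.8   # assumed cutoff that marks a rule as good


def is_good_rule(rule):
    """Assumption: a rule is good when its held-out precision >= cutoff."""
    tp, fp = rule["tp"], rule["fp"]
    return tp / (tp + fp) >= GOOD_PRECISION


def good_rule_rate(rules, measure):
    """Assumed GRR: share of the rules testing `measure` that are good.
    Returns None when no rule tests the measure."""
    used = [r for r in rules if measure in r["measures"]]
    if not used:
        return None
    return sum(is_good_rule(r) for r in used) / len(used)


def classify_measures(rules, measures, threshold=GRR_THRESHOLD):
    """Map every measure to G (good), B (bad) or I (ignore, never tested)."""
    result = {}
    for m in measures:
        grr = good_rule_rate(rules, m)
        if grr is None:
            result[m] = "I"
        elif grr >= threshold:
            result[m] = "G"
        else:
            result[m] = "B"
    return result


def select_for_next_step(result):
    """Measures kept for the next learning step: G measures are reflected,
    B measures are excluded, and (assumption) untested I measures stay."""
    return [m for m, tag in result.items() if tag != "B"]


if __name__ == "__main__":
    result = classify_measures(RULES, ALL_MEASURES)
    for m in ALL_MEASURES:
        grr = good_rule_rate(RULES, m)
        print(f"{m:10s} GRR={'-' if grr is None else f'{grr:.2f}'} RST={result[m]}")
    print("next step:", select_for_next_step(result))
```

Running the step again with the selected measures and a fresh rule set is what the slides call Step1, Step2 and so on; the threshold comparison is the only place where the G/B decision is made, so it is also the place to audit when a useful measure is being dropped.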

Slide 10: IV. The Experiments (1/3)
- Experiment dataset: the 1999 DARPA IDS Evaluation dataset (DARPA99); 191,077 TCP sessions in the Week 4 dataset
- After treating the continuous measures: the detection rate increased by 20% and the false rate decreased by 15%

Slide 11: The Experiments (2/3)
- The result of GRR calculation
- Network measures selected from Ostermann's TCPtrace (80 measures)
- G (Good), B (Bad), I (Ignore); RST (Result: G|B|I); SLT (Select: O|X)
- Step#: index of the repeated experiment
- Threshold value = 0.5

Slide 12: The Experiments (3/3)
- The ROC evaluation: according to the selection of priority measures, the detection rate increased and the false rate decreased
- [ROC curve figures for Step0, Step1, Step2, Step3]

Slide 13: V. Conclusions
- Automatically generates detection rules using a tree induction algorithm without the support of experts
- Solves the problems of measure selection: continuous types are converted into categorical types, and priority measures are selected by calculating GRR
- The detection rate was increased and the false rate was decreased

Slide 14: Q & A
- Contact us: E-mail: mir@lsrc.jnu.ac.kr
- Thank you!
