Enhancing network intrusion detection system with interval methods

Qiang Duan, Chenyi Hu, Han Chieh Wei

Research output: Contribution to conference › Paper

3 Citations (Scopus)

Abstract

Two main approaches for network intrusion detection are misuse detection [6] and anomaly detection [11]. The limitation of the misuse approach is that it cannot effectively detect new patterns of intrusions that are not precisely encoded in the system [11]. The anomaly detection approach usually produces a large number of false alarms [1, 7]. In addition, anomaly detection requires intensive computations on a large amount of training data to characterize normal behavior patterns. In this paper, we try to apply interval technology to enhance network intrusion detection systems (IDS). By storing network state data into an interval-valued bi-temporal database, we better sample the stream of network states. We represent the likelihood of intrusions associated with an m × n interval-valued rule matrix that can be obtained from the database with relatively low computational complexity. By grouping nearby patterns with intervals, we may significantly reduce false alarms. The O(n) computational cost of maintaining the rules makes it possible to integrate the IDS with network management systems for almost real-time automatic network control. Our probabilistic approach with the rule matrix model can be further applied to study the pattern evolution of network intrusions.

Original language: English (US)
Pages: 1444-1448
Number of pages: 5
DOI: https://doi.org/10.1145/1066677.1067006
State: Published - Dec 1 2005
Event: 20th Annual ACM Symposium on Applied Computing - Santa Fe, NM, United States
Duration: Mar 13 2005 to Mar 17 2005

Fingerprint

Intrusion detection
Network management
Computational complexity
Costs

All Science Journal Classification (ASJC) codes

  • Software

Cite this

Duan, Q., Hu, C., & Wei, H. C. (2005). Enhancing network intrusion detection system with interval methods. 1444-1448. Paper presented at 20th Annual ACM Symposium on Applied Computing, Santa Fe, NM, United States. https://doi.org/10.1145/1066677.1067006