Enhancing network intrusion detection system with interval methods

Qiang Duan, Chenyi Hu, Han Chieh Wei

Research output: Contribution to conference › Paper

4 Scopus citations

Abstract

Two main approaches for network intrusion detection are misuse detection [6] and anomaly detection [11]. The limitation of the misuse approach is that it cannot effectively detect new patterns of intrusions that are not precisely encoded in the system [11]. The anomaly detection approach usually produces a large number of false alarms [1, 7]. In addition, anomaly detection requires intensive computations on a large amount of training data to characterize normal behavior patterns. In this paper, we try to apply interval technology to enhance network intrusion detection systems (IDS). By storing network state data in an interval-valued bi-temporal database, we better sample the stream of network states. We represent the likelihood of intrusions with an m × n interval-valued rule matrix that can be obtained from the database with relatively low computational complexity. By grouping nearby patterns with intervals, we may significantly reduce false alarms. The O(n) computational cost of maintaining the rules makes it possible to integrate the IDS with network management systems for almost real-time automatic network control. Our probabilistic approach with the rule matrix model can be further applied to study the pattern evolution of network intrusions.

Original language: English (US)
Pages: 1444-1448
Number of pages: 5
DOIs
State: Published - Dec 1 2005
Event: 20th Annual ACM Symposium on Applied Computing - Santa Fe, NM, United States
Duration: Mar 13 2005 to Mar 17 2005

All Science Journal Classification (ASJC) codes

  • Software

  • Cite this

    Duan, Q., Hu, C., & Wei, H. C. (2005). Enhancing network intrusion detection system with interval methods. 1444-1448. Paper presented at 20th Annual ACM Symposium on Applied Computing, Santa Fe, NM, United States. https://doi.org/10.1145/1066677.1067006