Evaluating Pattern Recognition Techniques in Intrusion Detection Systems

M. Esposito, C. Mazzariello, F. Oliviero, S. P. Romano, C. Sansone

Abstract

Pattern recognition is the discipline that studies the design and operation of systems capable of recognizing patterns with specific properties in data sources. Intrusion detection, on the other hand, is in charge of identifying anomalous activities by analyzing a data source, be it the logs of an operating system or the network traffic. It is easy to find similarities between these two research fields, and it is straightforward to think of a way to combine them. Given the descriptions above, we can imagine an Intrusion Detection System (IDS) that uses techniques proper to the pattern recognition field in order to discover an attack pattern within the network traffic. What we propose in this work is such a system, which exploits the results of research in the field of data mining in order to discover potential attacks. The paper also presents some experimental results dealing with the performance of our system in a real-world operational scenario.

Paper Citation


in Harvard Style

Esposito M., Mazzariello C., Oliviero F., P. Romano S. and Sansone C. (2005). Evaluating Pattern Recognition Techniques in Intrusion Detection Systems. In Proceedings of the 5th International Workshop on Pattern Recognition in Information Systems - Volume 1: PRIS, (ICEIS 2005) ISBN 972-8865-28-7, pages 144-153. DOI: 10.5220/0002575201440153


in Bibtex Style

@conference{pris05,
author={M. Esposito and C. Mazzariello and F. Oliviero and S. P. Romano and C. Sansone},
title={Evaluating Pattern Recognition Techniques in Intrusion Detection Systems},
booktitle={Proceedings of the 5th International Workshop on Pattern Recognition in Information Systems - Volume 1: PRIS, (ICEIS 2005)},
year={2005},
pages={144-153},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002575201440153},
isbn={972-8865-28-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Workshop on Pattern Recognition in Information Systems - Volume 1: PRIS, (ICEIS 2005)
TI - Evaluating Pattern Recognition Techniques in Intrusion Detection Systems
SN - 972-8865-28-7
AU - Esposito M.
AU - Mazzariello C.
AU - Oliviero F.
AU - P. Romano S.
AU - Sansone C.
PY - 2005
SP - 144
EP - 153
DO - 10.5220/0002575201440153