
Intrusion Detection System Based on Multi-Class SVM

  • 이한성 (Department of Computer and Information Science, Korea University) ;
  • 송지영 (Department of Computer and Information Science, Korea University) ;
  • 김은영 (National Security Research Institute) ;
  • 이철호 (National Security Research Institute) ;
  • 박대희 (Department of Computer and Information Science, Korea University)
  • Published: 2005.06.01

Abstract

In this paper, we propose a new intrusion detection model that keeps the advantages of the existing misuse detection and anomaly detection models and resolves their problems. This new intrusion detection system, named MMIDS, was designed to satisfy all of the following requirements: 1) fast detection of new types of attack unknown to the system; 2) provision of detailed information about the detected types of attack; 3) cost-effective maintenance due to fast and efficient learning and updating; 4) incrementality and scalability of the system. The fast and efficient training and updating capabilities of the proposed novel multi-class SVM, which is the core component of MMIDS, provide cost-effective maintenance of the intrusion detection system. According to the experimental results, our method provides superior performance in separating similar patterns, and the fine-grained separation capability of MMIDS is relatively good.

In this paper, we propose a new intrusion detection model that retains the strengths of the existing intrusion detection models, misuse detection and anomaly detection, while compensating for their weaknesses. The new intrusion detection system, named MMIDS, was designed to satisfy all of the following evaluation criteria: 1) rapid discovery of new attack types not learned by the system; 2) provision of detailed information about detected attack types; 3) economical system maintenance through fast and efficient learning and updating; 4) incrementality and scalability of the system. The newly proposed multi-class SVM, the core component of MMIDS, supports fast and efficient learning and updating, which reduces the maintenance cost of the intrusion detection system. Experiments show that it has excellent classification performance for similar attack patterns and good capability to distinguish each attack type.

Cited by

  1. Distributed Intrusion Detection System in a Multi-Layer Network Architecture of Smart Grids vol.2, pp.4, 2011, https://doi.org/10.1109/TSG.2011.2159818
  2. Intruder Detection System Based on Pyroelectric Infrared Sensor vol.26, pp.5, 2016, https://doi.org/10.5391/JKIIS.2016.26.5.361