Efficient Feature Selection Based Near Real-Time Hybrid Intrusion Detection System

A High-Performance Hybrid Intrusion Detection System Based on an Efficient Feature Selection Technique for Achieving Near Real-Time Operation

  • 이우솔 (Department of Computer Engineering, Korea Army Academy at Yeongcheon)
  • 오상윤 (Department of Software, Ajou University)
  • Received : 2016.07.22
  • Accepted : 2016.09.01
  • Published : 2016.12.31

Abstract

The damage caused by cyber attacks on national infrastructure, defence and security systems is growing, and militaries now treat cyber warfare as a standing concern, preparing for it whether or not a threat is currently present. The intrusion detection system (IDS), which plays a central role in network defence, therefore deserves study. IDSs are divided into misuse detection and anomaly detection methods; recent work combines the two, in what is called a hybrid IDS, to maximise the advantages and minimise the disadvantages of each. Previous hybrid designs, however, are unsuitable for near real-time network environments because of their computational cost, which motivates an IDS structure that has a high detection rate at low computational cost. In this paper we propose a hybrid IDS that combines a C4.5 decision tree (misuse detection) and a weighted K-means algorithm (anomaly detection) hierarchically. It detects malicious network packets effectively with low complexity by applying a feature selection technique based on mutual information and a genetic algorithm, and the hierarchical structure is further refined by reusing the feature weights in the anomaly detection stage. The experiments show that the proposed hybrid IDS achieves high detection accuracy (98.68%) together with high performance.

The scale of damage from cyber attacks on national infrastructure, defence and security systems has been growing, and the military, recognising the importance of cyber warfare, prepares for it in wartime and peacetime alike. The intrusion detection system, which plays a key role in detection and response in network security, has accordingly grown in importance. Intrusion detection systems are divided by detection method into misuse detection and anomaly detection, and hybrid intrusion detection, which combines the two, is an active research topic. Existing studies, however, require a large amount of computation and are therefore unsuitable for near real-time network environments. This paper proposes a high-performance hybrid intrusion detection system based on a decision tree and a weighted K-means algorithm, with an effective feature selection technique that addresses the performance problems of existing hybrid intrusion detection systems. Applying a feature selection technique based on mutual information and a genetic algorithm allows intrusions to be detected faster and more efficiently, and combining the misuse detection model and the anomaly detection model hierarchically yields a structurally refined hybrid intrusion detection system. The experiments verify that the proposed hybrid intrusion detection system guarantees a high detection rate of 98.68% while performing high-performance intrusion detection through the feature selection technique.
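To make the hierarchy described in the English and Korean abstracts concrete, here is an added toy implementation written for this page; it is not the authors' code and it runs on constructed connection records, not NSL-KDD rows. It shows the three pieces in order: mutual-information feature weights (stage 0), a C4.5-style gain-ratio split as the misuse stage (stage 1), and weighted K-means fitted on normal traffic as the anomaly stage (stage 2), with the stage-0 weights reused as distance weights. Assumptions: the genetic-algorithm subset search is omitted (all features are kept, weighted by MI), MI is estimated by binarising each feature at its median, the misuse stage is a single split rather than a full C4.5 tree, the anomaly cut-off is the 95th percentile of training distances, and the feature names, the classes `WeightedKMeans` and `HybridIDS`, and the functions `make_dataset` and `demo` are illustrative.

```python
"""Added toy example: hierarchical hybrid IDS = MI feature weights -> C4.5-style misuse stump
-> weighted k-means anomaly stage that reuses the MI weights. Pure Python, constructed data only."""
import math
import random
from collections import Counter

FEATURES = ["duration", "src_bytes", "dst_bytes", "count", "srv_count", "wrong_fragment"]  # illustrative

def make_dataset(seed=7):
    """Constructed connection records, NOT NSL-KDD rows: 60 normal, 20 flood-style 'dos'."""
    rng = random.Random(seed)
    rows = [([rng.uniform(0, 5), rng.uniform(100, 2000), rng.uniform(100, 5000),
              rng.uniform(1, 20), rng.uniform(1, 20), 0.0], "normal") for _ in range(60)]
    rows += [([rng.uniform(0, 1), rng.uniform(0, 50), 0.0,
               rng.uniform(200, 500), rng.uniform(200, 500), 0.0], "dos") for _ in range(20)]
    return rows

def entropy(labels):
    return -sum(c / len(labels) * math.log2(c / len(labels)) for c in Counter(labels).values())

def mutual_information(rows, i):
    """I(X_i; Y) with X_i binarised at its median (a coarse filter estimate; an assumption)."""
    vals = sorted(r[0][i] for r in rows)
    median = (vals[len(vals) // 2 - 1] + vals[len(vals) // 2]) / 2
    xs, ys, n = [r[0][i] >= median for r in rows], [r[1] for r in rows], len(rows)
    pxy, px, py = Counter(zip(xs, ys)), Counter(xs), Counter(ys)
    return sum(c / n * math.log2((c / n) / (px[x] / n * py[y] / n)) for (x, y), c in pxy.items())

def feature_weights(rows):
    """Stage 0: normalised MI per feature (the paper's GA subset search is omitted here)."""
    mi = [mutual_information(rows, i) for i in range(len(FEATURES))]
    return [m / (sum(mi) or 1.0) for m in mi]  # a zero-MI feature gets weight 0 (see note below)

def gain_ratio_stump(rows, i):
    """C4.5 criterion on one feature: (threshold, label below, label above, best gain ratio)."""
    base, best = entropy([r[1] for r in rows]), (None, None, None, -1.0)
    vals = sorted(set(r[0][i] for r in rows))
    for lo, hi in zip(vals, vals[1:]):
        t = (lo + hi) / 2
        below = [r[1] for r in rows if r[0][i] < t]
        above = [r[1] for r in rows if r[0][i] >= t]
        p = len(below) / len(rows)
        gain = base - p * entropy(below) - (1 - p) * entropy(above)
        split_info = entropy(["b"] * len(below) + ["a"] * len(above))
        ratio = gain / split_info if split_info else 0.0
        if ratio > best[3]:
            best = (t, Counter(below).most_common(1)[0][0], Counter(above).most_common(1)[0][0], ratio)
    return best

class WeightedKMeans:
    """k-means with weighted Euclidean distance on z-scored features, fitted on normal traffic only."""
    def __init__(self, k, weights, seed=0):
        self.k, self.w, self.rng = k, weights, random.Random(seed)

    def _z(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mean, self.std)]

    def dist(self, a, b):
        return math.sqrt(sum(w * (p - q) ** 2 for w, p, q in zip(self.w, a, b)))

    def fit(self, xs, iters=20, quantile=0.95):
        n, d = len(xs), len(xs[0])
        self.mean = [sum(x[j] for x in xs) / n for j in range(d)]
        self.std = [math.sqrt(sum((x[j] - self.mean[j]) ** 2 for x in xs) / n) or 1.0 for j in range(d)]  # constant -> 1.0
        zs = [self._z(x) for x in xs]
        self.centroids = self.rng.sample(zs, self.k)
        for _ in range(iters):
            groups = [[] for _ in range(self.k)]
            for z in zs:
                groups[min(range(self.k), key=lambda c: self.dist(z, self.centroids[c]))].append(z)
            self.centroids = [[sum(z[j] for z in g) / len(g) for j in range(d)] if g else c
                              for g, c in zip(groups, self.centroids)]
        scores = sorted(self.score(x) for x in xs)
        self.threshold = scores[min(int(quantile * n), n - 1)]  # assumption: 95th-percentile cut
        return self

    def score(self, x):  # anomaly score: weighted distance to the nearest normal-traffic centroid
        return min(self.dist(self._z(x), c) for c in self.centroids)

class HybridIDS:  # hierarchy: the misuse stump sees everything; only what it calls normal reaches stage 2
    def __init__(self, rows, k=2):
        self.w = feature_weights(rows)
        cands = [gain_ratio_stump(rows, i) + (i,) for i in range(len(FEATURES))]
        self.t, self.below, self.above, _, self.feat = max(cands, key=lambda c: c[3])
        self.km = WeightedKMeans(k, self.w).fit([x for x, y in rows if y == "normal"])

    def classify(self, x):
        label = self.below if x[self.feat] < self.t else self.above
        if label != "normal":
            return label  # stage 1: a known attack class
        return "anomaly" if self.km.score(x) > self.km.threshold else "normal"

# Constructed probe records: flood-like (known attack), typical normal, novel long session (no signature).
SAMPLES = [[0.5, 10.0, 0.0, 300.0, 300.0, 0.0], [2.5, 1050.0, 2550.0, 10.5, 10.5, 0.0],
           [3600.0, 900.0, 2500.0, 8.0, 8.0, 3.0]]

def demo():
    ids = HybridIDS(make_dataset())
    return [ids.classify(x) for x in SAMPLES]
```

`demo()` returns `['dos', 'normal', 'anomaly']`: the flood is caught by the misuse split, the ordinary record passes both stages, and the long-lived session, which matches no known class, is caught only because its `duration` is far from the normal centroids. Two caveats the hierarchy brings with it are visible here. First, reusing supervised MI weights in the anomaly stage means a feature that carries no information about the known attacks (`wrong_fragment`, constant in this training set) gets weight 0, so a novel attack that shows up only on that feature would be invisible to stage 2; a practitioner would floor the weights or keep a separate unsupervised scaling. Second, whatever the misuse stage labels as an attack never reaches the anomaly stage, so its false positives are never revisited. The 98.68% figure in the abstract is the paper's result on its own data and is not something this toy reproduces.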
