A Comparative Study on the Performance of SVM and an Artificial Neural Network in Intrusion Detection

  • Jo, Seongrae (Dept. of MIS, College of Business, Gyeongsang National University) ;
  • Sung, Haengnam (College of Business, Gyeongsang National University) ;
  • Ahn, Byung-Hyuk (Dept. of MIS, College of Business, Gyeongsang National University)
  • Received : 2015.11.26
  • Accepted : 2016.02.04
  • Published : 2016.02.29

Abstract

An Intrusion Detection System (IDS) detects network attacks by analyzing network data. Such a system requires high accuracy, a high detection rate, and a low false alarm rate. It may use a range of techniques, such as expert systems, data mining, and state transition analysis, to analyze the network data. The purpose of this study was to compare the performance of two data mining methods for detecting network attacks: Support Vector Machine (SVM) and a neural network called Forward Additive Neural Network (FANN). The well-known KDD Cup 99 training and test data sets were used to compare the two algorithms, and the accuracy, detection rate, and false alarm rate were calculated. The FANN showed a slightly higher false alarm rate than the SVM, but a much higher accuracy and detection rate. Considering that treating a real attack as a normal message is much riskier than treating a normal message as an attack, it is concluded that the FANN is more effective in intrusion detection than the SVM.

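As an added worked illustration of the three metrics and the cost argument in the abstract (example code, not from the paper; the label vectors, the two classifiers "A" and "B", and the 10:1 cost ratio are constructed assumptions, not KDD Cup 99 results):

```python
# Added example, not code from the paper: computes the three IDS metrics named in
# the abstract (accuracy, detection rate, false alarm rate) from binary labels and
# applies an asymmetric cost model in which a missed attack costs more than a
# false alarm. Labels below are constructed for illustration, not KDD Cup 99 data.
from dataclasses import dataclass

ATTACK, NORMAL = 1, 0


@dataclass(frozen=True)
class Metrics:
    accuracy: float          # (TP + TN) / all connections
    detection_rate: float    # TP / (TP + FN): share of real attacks caught
    false_alarm_rate: float  # FP / (FP + TN): share of normal traffic flagged


def confusion(y_true, y_pred):
    """Return (TP, FN, FP, TN) with ATTACK as the positive class."""
    tp = sum(t == ATTACK and p == ATTACK for t, p in zip(y_true, y_pred))
    fn = sum(t == ATTACK and p == NORMAL for t, p in zip(y_true, y_pred))
    fp = sum(t == NORMAL and p == ATTACK for t, p in zip(y_true, y_pred))
    tn = sum(t == NORMAL and p == NORMAL for t, p in zip(y_true, y_pred))
    return tp, fn, fp, tn


def metrics(y_true, y_pred):
    tp, fn, fp, tn = confusion(y_true, y_pred)
    return Metrics(
        accuracy=(tp + tn) / (tp + fn + fp + tn),
        detection_rate=tp / (tp + fn) if tp + fn else 0.0,
        false_alarm_rate=fp / (fp + tn) if fp + tn else 0.0,
    )


def expected_cost(y_true, y_pred, miss_cost=10.0, false_alarm_cost=1.0):
    """Total cost under the abstract's premise: a missed attack (FN) is far
    costlier than a false alarm (FP). The 10:1 ratio is an assumed value."""
    _, fn, fp, _ = confusion(y_true, y_pred)
    return fn * miss_cost + fp * false_alarm_cost


# Constructed ground truth: 4 attack connections followed by 6 normal ones.
Y_TRUE = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
# Constructed predictions: classifier A misses half the attacks but raises no
# false alarm; classifier B catches every attack but flags one normal connection.
PRED_A = [1, 1, 0, 0, 0, 0, 0, 0, 0, 0]
PRED_B = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0]

if __name__ == "__main__":
    for name, pred in (("A", PRED_A), ("B", PRED_B)):
        print(name, metrics(Y_TRUE, pred), "cost =", expected_cost(Y_TRUE, pred))
```

Classifier B has the higher false alarm rate yet the lower total cost, which is the trade-off the abstract uses to prefer the FANN.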