(The) Design and analysis of intrusion detection systems using data mining

Advanced computer network technology enables computers to connect through an open network environment. The number of security threats to these networks has been growing, which has prompted an emerging market of companies to develop and deploy new intrusion detection technologies. However, most existing intrusion detection systems identify security attacks mainly through the misuse detection method, using a set of rules based on historical hacking patterns. This pure pattern-matching methodology has a high rate of false positive errors and cannot detect new hacking patterns. In other words, it is vulnerable to previously unidentified attack patterns, and variations of attacks increase the false negative error rate. Therefore, concern about more delicate and malicious intrusions into open network environments remains very high and increases the urgency for more advanced intrusion detection systems. In this research, we propose a Hybrid Intrusion Detection System (HIDS) that can detect intrusions through a misuse detection method adopting inductive learning (or case-based reasoning) and an anomaly detection method adopting an artificial neural network. As a first step of detection, the misuse detection method using inductive learning and case-based reasoning can filter out the attacks that resemble previously identified intrusions in current intrusion detection systems. As a second step of detection, the anomaly detection method handles all attacks that initially passed the misuse detection step. The anomaly detection is designed using a sophisticated neural network model to achieve a high detection rate. Detection performance is increased significantly through the two-step approach just described, along with the advanced schemes we developed. We validated the proposed model using a real data set aggregated from Cyber-PATROL Inc. in Korea. This research also investigates the asymmetric costs of false positive and neg...
Advisors
Han, In-Goo
Description
Korea Advanced Institute of Science and Technology (KAIST) : Management Engineering major,
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2003
Identifier
181199/325007 / 000939098
Language
eng
Description

Thesis (Ph.D.) - Korea Advanced Institute of Science and Technology (KAIST) : Management Engineering major, 2003.2, [ x, 120 p. ]

Keywords

Intrusion Detection Systems; Data Mining; Misuse detection; Anomaly detection

URI
http://hdl.handle.net/10203/53402
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=181199&flag=dissertation
Appears in Collection
KGSM-Theses_Ph.D.(Doctoral theses)
Files in This Item
There are no files associated with this item.
