Scholars' Mine
Missouri S&T
Research Repository
Curtis Laws Wilson Library
400 W. 14th Street
Rolla, MO 65409-0060
scholarsmine@mst.edu
| Field | Value |
|---|---|
| Title | An automatically tuning intrusion detection system |
| Authors | Yu, Zhenwei; Tsai, J.J.P.; Weigert, Thomas |
| Department/Lab Affiliation | Computer Science |
| Keywords | Attack detection model; Data Mining; computer security; information systems; intrusion detection; learning algorithm; model tuning algorithm; self-organizing map |
| Issue Date | 2007-04 |
| Publisher | Institute of Electrical and Electronics Engineers, Inc. |
| Citation | Yu, Zhenwei, Tsai, J.J.P., and Weigert, Thomas. "An Automatically Tuning Intrusion Detection System." IEEE Trans. System, Man, and Cybernetics, vol. 37, no. 2, (2007). |
| Abstract | An intrusion detection system (IDS) is a security layer used to detect ongoing intrusive activities in information systems. Traditionally, intrusion detection relies on the extensive knowledge of security experts, in particular on their familiarity with the computer system to be protected. To reduce this dependence, various data-mining and machine-learning techniques have been deployed for intrusion detection. An IDS usually works in a dynamically changing environment, which forces continuous tuning of the intrusion detection model in order to maintain sufficient performance. The manual tuning process required by current systems depends on the system operators to work out the tuning solution and to integrate it into the detection model. In this paper, an automatically tuning IDS (ATIDS) is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system is evaluated using the KDDCup'99 intrusion detection dataset. Experimental results show that the system achieves up to 35% improvement in terms of misclassification cost when compared with a system lacking the tuning feature. If only 10% of the false predictions are used to tune the model, the system still achieves about 30% improvement. Moreover, when tuning is not delayed too long, the system can achieve about 20% improvement with only 1.3% of the false predictions used to tune the model. The results of the experiments show that a practical system can be built based on ATIDS: system operators can focus on verification of predictions with low confidence, as only those predictions determined to be false will be used to tune the detection model. |
| Type | Article - Journal |
| DCMI Type | text |
| Status | Postprint |
| Is Part Of | IEEE Trans. System, Man, and Cybernetics |
| Date Accessioned | 2008-04-11T21:14:54Z |
| Date Available | 2008-04-21T15:54:26Z |
| Copyright Notice | This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder. |