Machine learning based IDS with automatic training data generation (Japanese)

In: Transactions of the Information Processing Society of Japan; 46, 8; 1947-1958; 2005
  • Article (Journal)  /  Print

Although many intrusion detection systems based on learning algorithms have been proposed to detect unknown attacks or variants of known attacks, most of them require sophisticated training data for supervised learning. Because such training data is not easy to prepare, anomaly detection systems are not widely used in practical environments. Misuse detection systems, which use signatures to detect attacks, are widely deployed, but they cannot detect unknown attacks or variants of known attacks. We have therefore proposed a new anomaly detection system that detects variants of known attacks without requiring training data to be prepared. The system uses the output of a conventional signature-based IDS to generate the training data for anomaly detection. It identifies novel features of attacks and generates generalized signatures from the IDS output to detect variant attacks. We conducted experiments on the prototype system with three types of traffic data: the 1999 DARPA IDS Evaluation Data, attacks by a vulnerability scanner, and actual traffic. The results show that our scheme can efficiently detect variants of attacks that the conventional IDS cannot detect.

Table of contents – Volume 46, Issue 8

The tables of contents are generated automatically and are based on the data records of the individual contributions available in the index of the TIB portal. The display of the Tables of Contents may therefore be incomplete.

1947
Machine learning based IDS with automatic training data generation
Yamada, A. / Miyake, Y. / Takemori, K. / Tanaka, T. | 2005
2014
Proposal for the experimental environment for network worm infection
Terada, M. / Takada, S. / Doi, N. | 2005
2142
Network protocols for logical communication model on CAN (controller area network)
Sato, K. / Koita, T. / Inoue, H. | 2005
2162
Adaptive mediation platform for collaborative applications in peer-to-peer environment
Yoshinaga, H. / Tsuchiya, T. / Koyanagi, K. | 2005