Toward lightweight intrusion detection system through simultaneous intrinsic model identification

  • Authors: Dong Seong Kim; Sang Min Lee; Jong Sou Park

  • Affiliations: Network Security Lab., Hankuk Aviation University, Seoul, Korea; Network Security Lab., Hankuk Aviation University, Seoul, Korea; Network Security Lab., Hankuk Aviation University, Seoul, Korea

  • Venue: ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
  • Year: 2006

Abstract

An Intrusion Detection System (IDS) should guarantee high detection rates with minimal overhead for determining the intrusion detection model and processing audit data. Previous approaches have mainly focused on feature selection of audit data and parameter optimization of intrusion detection models. However, feature selection and parameter optimization have been performed separately. Several hybrid approaches based on soft computing techniques are able to perform both together, but they incur more computational overhead. In this paper, we propose a new approach named Simultaneous Intrinsic Model Identification (SIMI), which enables one to perform both feature selection and parameter optimization together without any additional computational overhead. SIMI adopts Random Forest (RF), a promising machine learning algorithm that has shown similar or better classification rates compared to Support Vector Machines (SVM). SIMI is able to build a lightweight intrinsic intrusion detection model with optimized parameters and features. After determining the intrinsic intrusion detection model, we visualize normal and attack patterns in two-dimensional space using Multidimensional Scaling (MDS). We carry out several experiments on the KDD 1999 intrusion detection dataset and validate the feasibility of our approach.