Advanced probabilistic approach for network intrusion forecasting and detection

Authors:
Seongjun Shin;Seungmin Lee;Hyunwoo Kim;Sehun Kim
Affiliations:
The Attached Institute of ETRI, P.O. Box 1, Yuseong-gu, Daejeon 305-600, South Korea;Technology Strategy Research Division, ETRI, 218 Gajeong-ro, Yuseong-gu, Daejeon 305-700, South Korea;School of Business, Kyungil University, 50, Gamasil-gil, Hayang-eup, Gyeongsan, Gyeongbuk 712-701, South Korea;Internet Security Lab., Department of Industrial and Systems Engineering, School of Information Technologies, KAIST 373-1, Guseong-dong, Yuseong-gu, Daejeon 305-701, South Korea
Venue:
Expert Systems with Applications: An International Journal
Year:
2013

Citing 7
Cited 3

A clustering-based method for unsupervised intrusion detections

Pattern Recognition Letters
DDoS attack detection method using cluster analysis

Expert Systems with Applications: An International Journal
The use of the area under the ROC curve in the evaluation of machine learning algorithms

Pattern Recognition
Research on hidden Markov model for system call anomaly detection

PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Enhancing the accuracy of network-based intrusion detection with host-based context

DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Hierarchical Kohonenen net for anomaly detection in network security

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Probabilistic techniques for intrusion detection based on computer audit data

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications

Information Sciences: an International Journal
A novel intrusion detection system based on feature generation with visualization strategy

Expert Systems with Applications: An International Journal
Fast fashion sales forecasting with limited data and time

Decision Support Systems

Quantified Score

Hi-index	12.05

Visualization

Abstract

Recently, as damage caused by Internet threats has increased significantly, one of the major challenges is to accurately predict the period and severity of threats. In this study, a novel probabilistic approach is proposed effectively to forecast and detect network intrusions. It uses a Markov chain for probabilistic modeling of abnormal events in network systems. First, to define the network states, we perform K-means clustering, and then we introduce the concept of an outlier factor. Based on the defined states, the degree of abnormality of the incoming data is stochastically measured in real-time. The performance of the proposed approach is evaluated through experiments using the well-known DARPA 2000 data set and further analyzes. The proposed approach achieves high detection performance while representing the level of attacks in stages. In particular, our approach is shown to be very robust to training data sets and the number of states in the Markov model.