Hybrid Intrusion Forecasting Framework for Early Warning System

Cyber attacks have become a serious threat to the stability of the Internet. They exploit the interconnectivity of networks, propagate almost instantly, and have grown more sophisticated and adaptive. Traditional Internet security systems such as firewalls, IDS and IPS are limited in their ability to detect new attacks in advance, because they respond only after an attack has already inflicted serious damage. In this paper, we propose a hybrid intrusion forecasting framework for an early warning system. The proposed system combines three types of forecasting methods: time-series analysis, probabilistic modeling, and data mining. Combining them exploits the strengths of each technique while compensating for its individual weaknesses. Experimental results show that the hybrid intrusion forecasting method outperforms each of the three forecasting methods used on its own.
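The following Python script is an added illustration of the three-way combination the abstract describes; it is not the paper's code and the paper does not specify which concrete methods or combination rule it uses. The particular choices here (Holt's linear smoothing for the time-series component, a Poisson rate model for the probabilistic component, k-nearest-neighbour analog forecasting for the data-mining component, inverse-error weighting of the three forecasts, and a mean-plus-three-sigma warning threshold) and the hourly alert counts are all assumptions made for the example.

```python
"""Hybrid intrusion forecaster over hourly alert counts (added illustration).

Not the paper's code: one forecaster from each family the abstract names is
combined by inverse-error weighting. Methods, weights, threshold rule and the
sample data are assumptions made for this example.
"""
import math
from statistics import mean, pstdev

# Constructed sample: 30 hourly IDS alert counts. Hours 0-9 and 16-25 are quiet
# baseline, hours 10-15 an earlier outbreak that burned out, hours 26-29 the
# start of a new ramp the forecaster should warn about.
ALERTS = [12, 14, 11, 13, 15, 12, 14, 13, 12, 16,
          18, 25, 35, 50, 38, 22,
          14, 13, 15, 12, 14, 13, 12, 15, 14, 13,
          19, 26, 36, 49]


def holt_forecast(series, alpha=0.5, beta=0.3):
    """Time-series method: Holt's linear (double exponential) smoothing, one step ahead."""
    level, trend = series[0], series[1] - series[0]
    for x in series[1:]:
        prev = level
        level = alpha * x + (1 - alpha) * (prev + trend)
        trend = beta * (level - prev) + (1 - beta) * trend
    return level + trend


def poisson_forecast(series, window=4):
    """Probabilistic method: next count ~ Poisson(rate), rate estimated from the
    most recent window; the point forecast is the expected count."""
    return mean(series[-window:])


def poisson_tail(lam, k):
    """P(X >= k) for X ~ Poisson(lam), summed term by term (no factorials)."""
    term, cdf = math.exp(-lam), 0.0
    for i in range(k):
        cdf += term
        term *= lam / (i + 1)
    return max(0.0, 1.0 - cdf)


def knn_forecast(series, window=3, k=2):
    """Data-mining method: analog (k-NN) forecasting. Find the past windows whose
    shape (first differences) is closest to the latest window and average the
    change that followed each of them."""
    def shape(w):
        return [b - a for a, b in zip(w, w[1:])]
    query = shape(series[-window:])
    candidates = []
    for i in range(len(series) - window):          # only windows with a known successor
        past = series[i:i + window]
        candidates.append((math.dist(shape(past), query), series[i + window] - past[-1]))
    candidates.sort(key=lambda c: c[0])             # stable: earlier windows win ties
    return series[-1] + mean(d for _, d in candidates[:k])


FORECASTERS = {"time_series": holt_forecast,
               "probabilistic": poisson_forecast,
               "data_mining": knn_forecast}


def baseline_threshold(train):
    """Warning threshold from a quiet training prefix: mean + 3 sigma (assumed rule)."""
    return mean(train) + 3 * pstdev(train)


def backtest_weights(series, horizon=4):
    """Assumed combination rule: weight each method by the inverse of its mean
    absolute one-step error over the last `horizon` rolling-origin forecasts."""
    errors = {name: [] for name in FORECASTERS}
    for t in range(len(series) - horizon, len(series)):
        for name, f in FORECASTERS.items():
            errors[name].append(abs(f(series[:t]) - series[t]))
    inv = {name: 1.0 / (mean(e) + 1.0) for name, e in errors.items()}  # +1 keeps a zero-error method from dominating
    total = sum(inv.values())
    return {name: v / total for name, v in inv.items()}


def forecast(series, train, horizon=4):
    """Combine the three forecasts and raise a warning if the hybrid exceeds the threshold."""
    if len(series) < horizon + 4:
        raise ValueError("need at least %d observations" % (horizon + 4))
    threshold = baseline_threshold(train)
    point = {name: f(series) for name, f in FORECASTERS.items()}
    weights = backtest_weights(series, horizon)
    hybrid = sum(weights[n] * point[n] for n in FORECASTERS)
    return {"forecasts": point, "weights": weights, "hybrid": hybrid,
            "threshold": threshold,
            "p_exceed": poisson_tail(point["probabilistic"], math.ceil(threshold)),
            "warning": hybrid > threshold}


if __name__ == "__main__":
    for label, data in (("quiet", ALERTS[:26]), ("ramp", ALERTS)):
        r = forecast(data, ALERTS[:10])
        print(label, {k: (round(v, 2) if isinstance(v, float) else v) for k, v in r.items()
                      if k not in ("forecasts", "weights")}, r["weights"])
```

On the constructed series the trend-following Holt forecast and the analog k-NN forecast both extrapolate the ramp, while the Poisson rate model lags because it averages the recent window; the backtest weights shift toward whichever method has tracked the last few hours best, which is the point of combining them. The Poisson tail probability is reported separately as a second, probability-scaled view of the same warning.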
