Detecting Known and Novel Network Intrusions
It is well known that signature-based intrusion detection systems are only able to detect known attacks. Unfortunately, current anomaly-based intrusion detection systems are also unable to detect all kinds of new attacks because they are designed for restricted applications in limited environments. Hackers are now using new attacks whose devastating results against information systems can be prevented neither by access control systems nor by current signature-based systems. We enhance the notion of anomaly detection, introduce necessary conditions that should be taken into account when building detection models, and propose a new machine learning algorithm based on decision trees to discover known and unknown attacks in real time. Experimental results demonstrate that the proposed method is highly successful in detecting new attacks and significantly outperforms previous work.