A novel hybrid intrusion detection method integrating anomaly detection with misuse detection
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Kim, Gisung | ko |
| dc.contributor.author | Lee, Seungmin | ko |
| dc.contributor.author | Kim, Sehun | ko |
| dc.date.accessioned | 2014-08-26T08:18:53Z | - |
| dc.date.available | 2014-08-26T08:18:53Z | - |
| dc.date.created | 2013-11-08 | - |
| dc.date.created | 2013-11-08 | - |
| dc.date.issued | 2014-03 | - |
| dc.identifier.citation | EXPERT SYSTEMS WITH APPLICATIONS, v.41, no.4, pp.1690 - 1700 | - |
| dc.identifier.issn | 0957-4174 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/187086 | - |
| dc.description.abstract | In this paper, a new hybrid intrusion detection method that hierarchically integrates a misuse detection model and an anomaly detection model in a decomposition structure is proposed. First, a misuse detection model is built based on the C4.5 decision tree algorithm and then the normal training data is decomposed into smaller subsets using the model. Next, multiple one-class SVM models are created for the decomposed subsets. As a result, each anomaly detection model does not only use the known attack information indirectly, but also builds the profiles of normal behavior very precisely. The proposed hybrid intrusion detection method was evaluated by conducting experiments with the NSL-KDD data set, which is a modified version of well-known KDD Cup 99 data set. The experimental results demonstrate that the proposed method is better than the conventional methods in terms of the detection rate for both unknown and known attacks while it maintains a low false positive rate. In addition, the proposed method significantly reduces the high time complexity of the training and testing processes. Experimentally, the training and testing time of the anomaly detection model is shown to be only 50% and 60%, respectively, of the time required for the conventional models. (C) 2013 Elsevier Ltd. All rights reserved. | - |
| dc.language | English | - |
| dc.publisher | PERGAMON-ELSEVIER SCIENCE LTD | - |
| dc.subject | CLASSIFICATION | - |
| dc.subject | CLASSIFIERS | - |
| dc.subject | SUPPORT | - |
| dc.title | A novel hybrid intrusion detection method integrating anomaly detection with misuse detection | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000329955900017 | - |
| dc.identifier.scopusid | 2-s2.0-84888315965 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 41 | - |
| dc.citation.issue | 4 | - |
| dc.citation.beginningpage | 1690 | - |
| dc.citation.endingpage | 1700 | - |
| dc.citation.publicationname | EXPERT SYSTEMS WITH APPLICATIONS | - |
| dc.identifier.doi | 10.1016/j.eswa.2013.08.066 | - |
| dc.embargo.liftdate | 9999-12-31 | - |
| dc.embargo.terms | 9999-12-31 | - |
| dc.contributor.localauthor | Kim, Sehun | - |
| dc.contributor.nonIdAuthor | Lee, Seungmin | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | Hybrid intrusion detection | - |
| dc.subject.keywordAuthor | One-class SVM | - |
| dc.subject.keywordAuthor | Anomaly detection | - |
| dc.subject.keywordAuthor | Decision tree | - |
| dc.subject.keywordPlus | CLASSIFICATION | - |
| dc.subject.keywordPlus | CLASSIFIERS | - |
| dc.subject.keywordPlus | SUPPORT | - |
- Appears in Collection
- IE-Journal Papers(저널논문)
- Files in This Item
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 275 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.