A study on data mining based intrusion detection methods for secure network service

Recently, there has been an increasing need to protect network services from malicious attackers. Communication technologies have evolved continuously over the years, but most of that work focuses on improving efficiency or quality of service, and security technologies have not received the same attention. Meanwhile, Internet-based application services keep growing, and attackers continue to threaten them for economic or political reasons. Hence, the security and reliability of communication networks have become more important than ever.

This study focuses on developing effective intrusion detection methods for various domains of computer networks. Because computer networks have security vulnerabilities, malicious users have tried to profit by misusing them. There has been research on detecting such malicious activity, but defense technology still needs to improve in both quantity and quality. This study therefore proposes several improved intrusion detection methods that help solve practical intrusion detection problems. First, it studies intrusion detection systems (IDSs), which are essential for protecting servers and hosts against malicious attackers. Second, it focuses on denial of service attacks against application servers and mobile ad hoc networks, which are notorious these days.

An intrusion detection system inspects incoming network traffic and detects attack connections. Because it inspects network packets thoroughly, it requires a fast processor to operate in real time. On a high-speed network, the IDS cannot inspect every packet, so it drops packets or skips some checking rules. To address this, we propose a connection filtering method that filters intelligently based on features the IDS can gather in the early phase of each connection. The experimental results show that the proposed connection filtering method reduces the monitoring cost of the IDS and detects some attack connections early in the connection.

In addition to IDS efficiency, we study improving the accuracy of the detection algorithm in an intrusion detection system. A novel hybrid intrusion detection framework is proposed to detect both known and unknown network attacks. A misuse detection module and an anomaly detection module are systematically integrated so as to alleviate the high false positive rate of anomaly detection, which improves the detection performance of the IDS. Moreover, the training and testing time of anomaly detection are also improved, which helps the proposed hybrid framework operate in real time.

These days, denial of service attacks are one of the biggest security problems, causing huge damage to service providers and Internet-based industries. Our studies also focus on developing solutions for specific denial of service attacks. First, we propose a countermeasure against application layer distributed denial of service (DDoS) attacks. Because the attack connections look similar to normal connections, existing protocol-based DDoS equipment cannot defeat them. We propose to change the link addresses of a web page and observe whether the client follows the changed address. Since most zombie programs cannot parse or read obfuscated code while modern web browsers can, we obfuscate the changed address to hide it from zombies. Under this assumption, the proposed method can detect various application layer DDoS attacks with very little overhead.

Moreover, we extend our research to a next generation network, the ad hoc network. Because an ad hoc network is vulnerable in routing security and reliability, attackers can easily disrupt it. In this study, we focus on countering a sinkhole attack, which is also a kind of denial of service attack. The sinkhole attacker disrupts the routing mechanism and modifies the normal routing path so that it passes through the attacker, in order to collect network traffic or disable the network. We propose a cooperative sinkhole attack detection method that detects the sinkhole attacker by exchanging some control packets. The simulation results show that the proposed method detects the attack very precisely and swiftly.
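The application layer DDoS detection idea in the abstract (rewrite page links to a changed, obfuscated address and check whether each client follows it) is sketched below as an added example; it is not the thesis's own code. The base64 + HMAC obfuscation, the session identifiers, the `FollowMonitor` threshold and the constructed traffic are all assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets
from collections import defaultdict

SERVER_SECRET = b"constructed-demo-secret"  # constructed for this example; use a random key in practice

def obfuscated_link(session_id: str, path: str) -> str:
    """Server side: rewrite a page link into a session-bound changed address, then obfuscate it (assumed scheme)."""
    nonce = secrets.token_hex(4)
    msg = f"{session_id}:{nonce}:{path}".encode()
    tag = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]
    return base64.b64encode(f"/c/{nonce}/{tag}{path}".encode()).decode()

def decode_link(obfuscated: str) -> str:
    """What a real browser's script does: recover the changed address before requesting it."""
    return base64.b64decode(obfuscated).decode()

def verify_changed_address(session_id: str, requested: str) -> bool:
    """Server side: True only if the request hits a changed address issued to this session."""
    try:
        _, marker, nonce, tag_and_path = requested.split("/", 3)
    except ValueError:
        return False  # a raw, unchanged path (or anything malformed) never verifies
    tag, path = tag_and_path[:16], tag_and_path[16:]
    msg = f"{session_id}:{nonce}:{path}".encode()
    expected = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]
    return marker == "c" and hmac.compare_digest(tag, expected)

class FollowMonitor:
    """Per-client tally: browsers follow the changed addresses, zombies keep requesting raw ones."""
    def __init__(self):
        self.total, self.followed = defaultdict(int), defaultdict(int)

    def observe(self, session_id: str, requested: str) -> None:
        self.total[session_id] += 1
        if verify_changed_address(session_id, requested):
            self.followed[session_id] += 1

    def is_suspect(self, session_id: str, min_requests: int = 5) -> bool:
        # enough requests to judge, yet none of them followed a changed address
        return self.total[session_id] >= min_requests and self.followed[session_id] == 0

def simulate() -> dict:
    """Constructed traffic: one browser that decodes links, one bot that replays raw paths."""
    mon, pages = FollowMonitor(), ["/index.html", "/news", "/login"]
    for _ in range(3):
        for p in pages:
            mon.observe("browser-1", decode_link(obfuscated_link("browser-1", p)))
            obfuscated_link("zombie-7", p)  # page is served, but the bot never decodes it
            mon.observe("zombie-7", p)
    return {"browser-1": mon.is_suspect("browser-1"), "zombie-7": mon.is_suspect("zombie-7")}
```

The HMAC tag binds each changed address to one session, so a client cannot pass the check by replaying an address that was issued to a different client.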
Advisors
Kim, Sehun (김세헌)
Description
Korea Advanced Institute of Science and Technology (KAIST): Department of Industrial and Systems Engineering
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2012
Identifier
325007
Language
eng
Description

Thesis (Ph.D.) - Korea Advanced Institute of Science and Technology: Department of Industrial and Systems Engineering, 2012.2, [ix, 129 p.]

Keywords

Intrusion detection system; Data mining; Distributed denial of service; Mobile ad hoc network; Sinkhole attack

URI
http://hdl.handle.net/10203/222076
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=657242&flag=dissertation
Appears in Collection
IE-Theses_Ph.D. (doctoral theses)
Files in This Item
There are no files associated with this item.