Using Behavior Knowledge Space and Temporal Information for Detecting Intrusions in Computer Networks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNIP, volume 3687)

Abstract

Pattern Recognition (PR) techniques have proven their ability to detect malicious activities within network traffic. Systems based on multiple classifiers can further strengthen detection capabilities by combining and correlating the results obtained from different sources.

An aspect often disregarded in PR approaches dealing with the intrusion detection problem is the use of temporal information. Indeed, an attack is typically carried out along a set of consecutive network packets; therefore, a PR system could improve its reliability by examining sequences of network connections before expressing a decision.

In this paper we present a system that uses a multiple classifier approach together with temporal information about the network packets to be classified. In order to improve classification reliability, we introduce the concept of rejection: instead of emitting an unreliable verdict, an ambiguously classified packet can be logged for further analysis.

The proposed system has been tested on a large database made up of real network traffic traces.
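As an added illustration (not the authors' code), the following Python sketch shows a Behavior Knowledge Space combiner with the reject option the abstract describes: each cell of the space is the tuple of labels emitted by the individual classifiers, training fills the cell with counts of the true classes, and a packet is rejected (logged rather than classified) when its cell is unseen, too rare, or not dominated by one class. The temporal part pools the cell counts of the last few consecutive packets before deciding; that pooling scheme, the thresholds and the training data are all constructed assumptions, not the paper's method.

```python
from collections import Counter, defaultdict

REJECT = "reject"  # packet is logged for later analysis instead of getting a verdict


class BKSCombiner:
    """Behavior Knowledge Space combiner with a reject option (illustrative)."""

    def __init__(self, min_support=2, min_confidence=0.8):
        self.table = defaultdict(Counter)     # cell (tuple of votes) -> true-class counts
        self.min_support = min_support        # cells seen fewer times than this are untrusted
        self.min_confidence = min_confidence  # share the majority class must reach

    def fit(self, decisions, labels):
        """decisions: per-packet tuples of classifier labels; labels: true classes."""
        for cell, true_label in zip(decisions, labels):
            self.table[tuple(cell)][true_label] += 1

    def _decide(self, counts):
        total = sum(counts.values())
        if total < max(1, self.min_support):
            return REJECT
        label, best = counts.most_common(1)[0]
        return label if best / total >= self.min_confidence else REJECT

    def classify(self, cell):
        """Single-packet decision from the cell's training counts."""
        return self._decide(self.table.get(tuple(cell), Counter()))

    def classify_sequence(self, cells, window=3):
        """Assumed temporal scheme: pool the BKS counts of the last `window`
        packets and apply the same reject rule to the pooled evidence."""
        verdicts = []
        for i in range(len(cells)):
            pooled = Counter()
            for cell in cells[max(0, i - window + 1):i + 1]:
                pooled.update(self.table.get(tuple(cell), Counter()))
            verdicts.append(self._decide(pooled))
        return verdicts


# Constructed training data: votes of two classifiers and the true class per packet.
TRAIN_DECISIONS = ([("normal", "normal")] * 5 + [("attack", "attack")] * 6
                   + [("normal", "attack")] * 3)
TRAIN_LABELS = ["normal"] * 5 + ["attack"] * 6 + ["attack", "attack", "normal"]
bks = BKSCombiner()
bks.fit(TRAIN_DECISIONS, TRAIN_LABELS)

# Constructed sequence of consecutive packets' classifier votes.
SEQUENCE = [("normal", "normal"), ("normal", "attack"),
            ("attack", "attack"), ("attack", "attack")]
```

In the sequence, the lone disagreeing packet is rejected rather than guessed, and the window only commits to "attack" once both classifiers agree on it for consecutive packets.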

This work has been partially supported by the Ministero dell’Istruzione, dell’Università e della Ricerca (MIUR) in the framework of the FIRB Project “Middleware for advanced services over large-scale, wired-wireless distributed systems (WEB-MINDS)”.



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cordella, L.P., Finizio, I., Mazzariello, C., Sansone, C. (2005). Using Behavior Knowledge Space and Temporal Information for Detecting Intrusions in Computer Networks. In: Singh, S., Singh, M., Apte, C., Perner, P. (eds) Pattern Recognition and Image Analysis. ICAPR 2005. Lecture Notes in Computer Science, vol 3687. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552499_11

  • DOI: https://doi.org/10.1007/11552499_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28833-6

  • Online ISBN: 978-3-540-31999-3

  • eBook Packages: Computer Science (R0)
