Evolutionary Optimization on Misuse and Anomaly IDS Using LOF-based Clustering
Date Issued
2006
Author(s)
Chen, Chun-Hao
Abstract
With the wide adoption of the Internet, many attack techniques have been developed and now threaten the e-society. Older passive safeguards such as firewalls and passwords are insufficient as attack techniques keep advancing. Hence, intrusion detection systems (IDS) are developed for active protection. Building an IDS with data mining techniques is automatic and effective, so it can replace a traditional signature-based IDS. IDS can be classified into misuse detection and anomaly detection. Misuse detection matches the patterns of known attacks to identify intrusions; anomaly detection builds profiles of normal behavior and flags deviations from them as attacks.
This thesis proposes an IDS for both misuse detection and anomaly detection. We extend LOF, a strong outlier detection algorithm, into a clustering algorithm. LOF can detect some outliers that other algorithms cannot. Although outlier detection and clustering share several concepts, the original LOF algorithm cannot explicitly form clusters. We extend it and apply the result to IDS. The clustering part builds a model of the training data and finds the association between training data and testing data, while the outlier detection part detects unseen attacks when data deviate from the distribution of the training data. In addition, a genetic algorithm is used to assign each data feature an importance (weight) and to generate several sets of weights according to the characteristics of each attack type; this is adopted to raise the accuracy of the IDS. In the experiments, the KDD Cup 1999 data set is used to evaluate our system. We obtain good results for both misuse detection and anomaly detection.
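To show the LOF score the thesis builds on, the following is an added example and not code from the thesis: a plain-Python implementation of the standard LOF (k-distance, reachability distance, local reachability density, LOF ratio) run on a constructed data set of a dense cluster, a sparse cluster and one point sitting just outside the dense cluster. The neighbourhood size k=3 and the sample points are assumptions chosen for the illustration; the point's plain k-th-neighbour distance is smaller than that of every sparse-cluster point, so a global distance yardstick would not single it out, while its LOF is clearly above 1.

```python
import math
from typing import Dict, List, Tuple

Point = Tuple[float, float]

# Constructed sample: a dense cluster, a sparser copy of it scaled by 4,
# and one point that sits just outside the dense cluster.
DENSE: List[Point] = [(0, 0), (0, 1), (1, 0), (1, 1), (0.5, 0.5)]
SPARSE: List[Point] = [(10, 10), (10, 14), (14, 10), (14, 14), (12, 12)]
LOCAL_OUTLIER: Point = (3.0, 0.5)
SAMPLE: List[Point] = DENSE + SPARSE + [LOCAL_OUTLIER]


def k_neighbourhood(points: List[Point], i: int, k: int) -> Tuple[float, List[int]]:
    """k-distance of point i and its k nearest neighbours (ties at the k-th distance included)."""
    ranked = sorted((math.dist(points[i], points[j]), j) for j in range(len(points)) if j != i)
    k_dist = ranked[k - 1][0]
    return k_dist, [j for d, j in ranked if d <= k_dist + 1e-12]


def lof_scores(points: List[Point], k: int = 3) -> List[float]:
    """Local Outlier Factor of every point: about 1 inside a cluster, well above 1 for an outlier."""
    n = len(points)
    hood = [k_neighbourhood(points, i, k) for i in range(n)]

    def reach_dist(i: int, j: int) -> float:
        # reach-dist_k(i, j) = max(k-distance(j), d(i, j)); smooths distances inside a cluster
        return max(hood[j][0], math.dist(points[i], points[j]))

    # local reachability density; assumes no duplicate points (the sum would be 0)
    lrd = [len(hood[i][1]) / sum(reach_dist(i, j) for j in hood[i][1]) for i in range(n)]
    # LOF = mean lrd of the neighbours relative to the point's own lrd
    return [sum(lrd[j] for j in hood[i][1]) / len(hood[i][1]) / lrd[i] for i in range(n)]


def score_sample(k: int = 3) -> Dict[Point, float]:
    """LOF of every point in the constructed sample."""
    return dict(zip(SAMPLE, lof_scores(SAMPLE, k)))


def kth_distances(k: int = 3) -> Dict[Point, float]:
    """Plain k-th-nearest-neighbour distance, the global yardstick that LOF improves on."""
    return {p: k_neighbourhood(SAMPLE, i, k)[0] for i, p in enumerate(SAMPLE)}


if __name__ == "__main__":
    kd = kth_distances()
    for p, s in score_sample().items():
        print(f"{p!s:>12}  k-dist={kd[p]:.2f}  LOF={s:.2f}")
```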
Subjects
intrusion detection system
cluster analysis
outlier detection
genetic algorithm
data mining
IDS
clustering
outlier detection
GA
data mining
Type
thesis
File(s)
Name
ntu-95-R93922101-1.pdf
Size
23.31 KB
Format
Adobe PDF
Checksum (MD5)
31be3e40e3e45586a156d36009d50311
