Title :
Hybrid Hierarchical Network Intrusion Detection
Author :
Yang, Hong-yu ; Xie, Li-xia
Author_Institution :
Software Res. Center, Civil Aviation Univ. of China, Tianjin
Abstract :
A prototype of three-layer network intrusion detection system (NIDS) was designed to improve the veracity and efficiency of intrusion detection. The NIDS deals with the network layer raw data, the application layer connection session and user network behaviors. The NIDS monitors payload of packets on network layer and analyzes attacks on application layer through packets reassembly and statistical process. The system created profile using learning vector quantization (LVQ) and utilized the original LVQ algorithm to implement behavior classification. This approach exhibits the ability to detect the known and unknown network attacks. Experimental results show that the NIDS detect low-level network attacks effectively with low false positive rate and perform very well for detection of unknown attacks, especially for PROBE, DOS and U2R attacks
Keywords :
computer networks; learning (artificial intelligence); security of data; statistical analysis; vector quantisation; application layer connection session; hierarchical network intrusion detection system; learning vector quantization; low-level network attack; packet reassembly; statistical process; user network behavior; Computer networks; Cybernetics; Electronic mail; Intrusion detection; Machine learning; Master-slave; Payloads; Protocols; Queueing analysis; Signal design; Signal processing; Software prototyping; Intrusion detection; KDD; LVQ; profile; state transition;
Conference_Titel :
Machine Learning and Cybernetics, 2006 International Conference on
Conference_Location :
Dalian, China
Print_ISBN :
1-4244-0061-9
DOI :
10.1109/ICMLC.2006.258929
