DocumentCode :
434530
Title :
Intrusion detection system to detect variant attacks using learning algorithms with automatic generation of training data
Author :
Yamada, Akira ; Miyake, Yutaka ; Takemori, Keisuke ; Tanaka, Toshiaki
Author_Institution :
KDDI R&D Labs. Inc., Kamifukuoka, Japan
Volume :
1
fYear :
2005
fDate :
4-6 April 2005
Firstpage :
650
Abstract :
Although there are many anomaly detection systems based on learning algorithms that are able to detect unknown attacks or variants of known attacks, most systems require sophisticated training data for supervised learning. Because it is difficult to prepare the training data, anomaly detection systems are not widely used in the practical environment. In this paper, we propose an anomaly detection system based on machine learning that requires no prepared training data. The system generates sophisticated training data that is applicable to the learning by processing alerts that a signature-based intrusion detection system (IDS) outputs. We evaluated the system using two types of traffic: the 1999 DARPA IDS evaluation data and the security scanner data. The results show that the training data generated by the system is suitable for learning attack behaviors and the system is able to detect variants of worms and known attacks.
Keywords :
digital signatures; learning (artificial intelligence); security of data; anomaly detection systems; attack detection; learning algorithms; machine learning; signature based intrusion detection system; training data generation; Data security; Databases; Intrusion detection; Laboratories; Machine learning; Prototypes; Research and development; Supervised learning; Telecommunication traffic; Training data;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on
Print_ISBN :
0-7695-2315-3
Type :
conf
DOI :
10.1109/ITCC.2005.178
Filename :
1428537