Selection of Detection Measures using Relative Entropy based on Network Connections


The KIPS Transactions:PartC, Vol. 12, No. 7, pp. 1007-1014, Dec. 2005
10.3745/KIPSTC.2005.12.7.1007,   PDF Download:

Abstract

A generation of rules or patterns for detecting attacks from network is very difficult. Detection rules and patterns are usually generated by Expert''s experiences that consume many man-power, management expense, time and so on. This paper proposes statistical methods that effectively detect intrusion and attacks without expert''s experiences. The methods are to select useful measures in measures of network connection(session) ant to detect attacks. We extracted the network session data of normal and each attack, and seleted useful measures for detecting attacks using relative entropy. And we made probability patterns, and detected attacks using likelihood ratio testing. Teh detecting method controled detection rate and false positive rate using threshhold. We evaluated the performance of the proposed method using KDD CUP 99 Data set. This paper shows the results that are to compare the proposed method and detection rules of decision tree algorithm. So we can know that the proposed methods are useful for detecting intrusion and attacks.,


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
G. J. Mun, Y. M. Kim, D. K. Kim, B. N. Noh, "Selection of Detection Measures using Relative Entropy based on Network Connections," The KIPS Transactions:PartC, vol. 12, no. 7, pp. 1007-1014, 2005. DOI: 10.3745/KIPSTC.2005.12.7.1007.

[ACM Style]
Gil Jong Mun, Yong Min Kim, Dong Kook Kim, and Bong Nam Noh. 2005. Selection of Detection Measures using Relative Entropy based on Network Connections. The KIPS Transactions:PartC, 12, 7, (2005), 1007-1014. DOI: 10.3745/KIPSTC.2005.12.7.1007.