Intrusion detection system to detect variant attacks using learning algorithms with automatic generation of training data
Main Authors: | , , , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Summary: | Although there are many anomaly detection systems based on learning algorithms that are able to detect unknown attacks or variants of known attacks, most systems require sophisticated training data for supervised learning. Because it is difficult to prepare the training data, anomaly detection systems are not widely used in the practical environment. In this paper, we propose an anomaly detection system based on machine learning that requires no prepared training data. The system generates sophisticated training data that is applicable to the learning by processing alerts that a signature-based intrusion detection system (IDS) outputs. We evaluated the system using two types of traffic: the 1999 DARPA IDS evaluation data and the security scanner data. The results show that the training data generated by the system is suitable for learning attack behaviors and the system is able to detect variants of worms and known attacks. |
---|---|
DOI: | 10.1109/ITCC.2005.178 |