DocumentCode
434530
Title
Intrusion detection system to detect variant attacks using learning algorithms with automatic generation of training data
Author
Yamada, Akira ; Miyake, Yutaka ; Takemori, Keisuke ; Tanaka, Toshiaki
Author_Institution
KDDI R&D Labs. Inc., Kamifukuoka, Japan
Volume
1
fYear
2005
fDate
4-6 April 2005
Firstpage
650
Abstract
Although there are many anomaly detection systems based on learning algorithms that are able to detect unknown attacks or variants of known attacks, most systems require sophisticated training data for supervised learning. Because it is difficult to prepare the training data, anomaly detection systems are not widely used in the practical environment. In this paper, we propose an anomaly detection system based on machine learning that requires no prepared training data. The system generates sophisticated training data that is applicable to the learning by processing alerts that a signature based intrusion detection system (IDS) outputs. We evaluated the system using two types of traffic: the 1999 DARPA IDS evaluation data and the security scanner data. The results show that the training data generated by the system is suitable for learning attack behaviors and the system is able to detect variants of worms and known attacks.
Keywords
digital signatures; learning (artificial intelligence); security of data; anomaly detection systems; attack detection; learning algorithms; machine learning; signature based intrusion detection system; training data generation; Data security; Databases; Intrusion detection; Laboratories; Machine learning; Prototypes; Research and development; Supervised learning; Telecommunication traffic; Training data;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on
Print_ISBN
0-7695-2315-3
Type
conf
DOI
10.1109/ITCC.2005.178
Filename
1428537