A three-tier IDS via data mining approach

Hwang, Tsong Song; Lee, Tsung-Ju; Lee, Yuh-Jye

doi:10.1145/1269880.1269882

Cited by 29 publications

(23 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many researchers have suggested that the monitoring capability of current IDS can be improved by taking a hybrid approach that consists of both anomaly as well as signature detection techniques (Lunt et al 1992;Anderson et al 1995;Porras and Neumann 1997;Hwang et al 2007;Fortuna et al 2007). The anomaly detection techniques aid in the detection of new or unknown zero day attacks while the signature detection techniques detect known attacks.…”

Section: Hybrid/ensemble Classifiersmentioning

confidence: 99%

“…Hwang et al (2007) has proposed a 3 tier hybrid approach to detect intrusions. First tier of system is signature based approach to filter the known attacks using black list concept.…”

Section: Hybrid/ensemble Classifiersmentioning

confidence: 99%

“…Summary of results(Hwang et al 2007) Class/detection Old attacks (%) New attack (%) Total detection (%) accuracy…”

mentioning

confidence: 99%

See 2 more Smart Citations

The use of artificial intelligence based techniques for intrusion detection: a review

Kumar¹,

Kumar²,

Sachdeva³

2010

Artif Intell Rev

109

View full text Add to dashboard Cite

The Internet connects hundreds of millions of computers across the world running on multiple hardware and software platforms providing communication and commercial services. However, this interconnectivity among computers also enables malicious users to misuse resources and mount Internet attacks. The continuously growing Internet attacks pose severe challenges to develop a flexible, adaptive security oriented methods. Intrusion detection system (IDS) is one of most important component being used to detect the Internet attacks. In literature, different techniques from various disciplines have been utilized to develop efficient IDS. Artificial intelligence (AI) based techniques plays prominent role in development of IDS and has many benefits over other techniques. However, there is no comprehensive review of AI based techniques to examine and understand the current status of these techniques to solve the intrusion detection problems. In this paper, various AI based techniques have been reviewed focusing on development of IDS. Related studies have been compared by their source of audit data, processing criteria, technique used, dataset, classifier design, feature reduction technique employed and other experimental environment setup. Benefits and limitations of AI based techniques have been discussed. The paper will help the better understanding of different directions in which research has been done in the field of IDS. The findings of this paper provide useful insights into literature and are beneficial for those who are interested in applications of AI based techniques to IDS and related fields. The review also provides the future directions of the research in this area.

show abstract

Section: Hybrid/ensemble Classifiersmentioning

confidence: 99%

“…Hwang et al (2007) has proposed a 3 tier hybrid approach to detect intrusions. First tier of system is signature based approach to filter the known attacks using black list concept.…”

Section: Hybrid/ensemble Classifiersmentioning

confidence: 99%

See 1 more Smart Citation

The use of artificial intelligence based techniques for intrusion detection: a review

Kumar¹,

Kumar²,

Sachdeva³

2010

Artif Intell Rev

109

View full text Add to dashboard Cite

show abstract

“…The latter employs typical RF and its variant for outlier detection in misuse detection component and anomaly detection component. Hwang et al [16] provided a three-tier IDS with a similar design. They added an additional misuse detection component after the anomaly detection component (in stage 2); the misuse detection component classifies suspicious traffic into four classes: Denial of Service (DoS), Probing (Prb), user to remote (U2R) and remote to local (R2L) attacks.…”

Section: Related Studiesmentioning

confidence: 99%

A two-level hybrid approach for intrusion detection

et al. 2016

View full text Add to dashboard Cite

“…In 2000, Lippmann et al presented a relative study [20] of various classification algorithms for intrusion detection in 2000. A framework [21] that uses different classification algorithms in order to train classifiers on the dataset of benign and malicious executable so that they can detect the category of new executable was developed by Schultz et al in 2001. In 2007, Hwang et al presented a 3-tier architecture IDS [22] that comprises of three different lists: black list, while list and multi-class. White list comprises of normal traffic, black list comprises of known attacks from the traffic and multi-class comprises of anomalies that are identified in the normal traffic.…”

Section: Related Workmentioning

confidence: 99%

Usage of Machine Learning for Intrusion Detection in a Network

Ahlawat¹

2016

ijcna

View full text Add to dashboard Cite

-Increase in volume and intensity of network attacks, forcing the business systems to revamp their network security solutions in order to avoid huge financial losses. Intrusion Detection Systems are one of the most essential security solutions in order to ensure the security of any network. Considering huge volumes of network data and complex nature of intrusions, the performance optimization of Network Intrusion Detection System became an open problem that is gaining more and more attention from the researchers nowadays. The objective of this paper is to identify a machine learning algorithm that provides high accuracy and real-time system application. This paper evaluates the performance of 15 different machine learning algorithms using NSL-KDD dataset on the basis of false discovery rate, average accuracy, root mean squared error and model building time. Firstly, 5 machine learning algorithms out of 15 are chosen on the basis of maximum accuracy and minimum error in WEKA. Simulation of these machine learning algorithms is performed using 10-fold cross validation. Thereafter, the best machine learning algorithm is selected on the basis of maximum accuracy and minimum model building time so that it can be readily implemented in real-time Intrusion Detection Systems.

show abstract

A three-tier IDS via data mining approach

Cited by 29 publications

References 15 publications

The use of artificial intelligence based techniques for intrusion detection: a review

The use of artificial intelligence based techniques for intrusion detection: a review

A two-level hybrid approach for intrusion detection

Usage of Machine Learning for Intrusion Detection in a Network

Contact Info

Product

Resources

About