TY - GEN
T1 - Parallel analysis for lightweight network incident detection using nonlinear adaptive systems
AU - Ando, Ruo
AU - Takefuji, Yoshiyasu
PY - 2007
Y1 - 2007
N2 - The rapid increase of security incidents imposes a great burden on Internet users and system administrators. In this paper we discuss a parallel analysis for lightweight network incident detection using nonlinear adaptive systems. We run AID (anomaly intrusion detection) and MID (misuse intrusion detection) systems in parallel. The two detectors generate binary outputs, misuse = {YES/NO} and anomaly = {YES/NO}. From these, we can determine whether a network or a security operation needs to be performed. We apply a clustering algorithm for AID and a classification algorithm for MID. The nonlinear adaptive system is trained for running MID and AID in parallel. The proposed parallel system is more lightweight and simpler to operate even if the number of incident patterns is increased. Experimental results in the case where false positives are frequently caused show that our method is functional with a recognition rate of attacks less than 10%, while finding the anomaly status. Also, performance evaluation shows that the proposed system can work with reasonable CPU utilization compared with a conventional serial-search-based system.
AB - The rapid increase of security incidents imposes a great burden on Internet users and system administrators. In this paper we discuss a parallel analysis for lightweight network incident detection using nonlinear adaptive systems. We run AID (anomaly intrusion detection) and MID (misuse intrusion detection) systems in parallel. The two detectors generate binary outputs, misuse = {YES/NO} and anomaly = {YES/NO}. From these, we can determine whether a network or a security operation needs to be performed. We apply a clustering algorithm for AID and a classification algorithm for MID. The nonlinear adaptive system is trained for running MID and AID in parallel. The proposed parallel system is more lightweight and simpler to operate even if the number of incident patterns is increased. Experimental results in the case where false positives are frequently caused show that our method is functional with a recognition rate of attacks less than 10%, while finding the anomaly status. Also, performance evaluation shows that the proposed system can work with reasonable CPU utilization compared with a conventional serial-search-based system.
UR - http://www.scopus.com/inward/record.url?scp=47849113190&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=47849113190&partnerID=8YFLogxK
U2 - 10.1109/ICNPCW.2007.4351504
DO - 10.1109/ICNPCW.2007.4351504
M3 - Conference contribution
AN - SCOPUS:47849113190
SN - 0769529437
SN - 9780769529431
T3 - Proceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007
SP - 319
EP - 325
BT - Proceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007
T2 - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007
Y2 - 18 September 2007 through 21 September 2007
ER -