Abstract
A typical task of intrusion detection systems is to detect known kinds of attacks by analyzing network traffic. In this article, we take a step further and enable such a system to recognize previously unknown kinds of attacks by means of novelty-awareness mechanisms. That is, the intrusion detection system becomes able to recognize deficits in its own knowledge and to react accordingly: it presents a learned rule premise to the system administrator, who then labels it, i.e., extends it with an appropriate conclusion. We present new techniques for novelty-aware attack recognition based on probabilistic rule modeling and demonstrate that they can be applied successfully to intrusion benchmark data. The proposed novelty-awareness techniques may also be used in other application fields by intelligent technical systems (e.g., organic computing systems) to resolve knowledge deficits in a self-organizing way.
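The abstract describes a loop that is easy to lose in the summary: classify with learned rules, notice when no rule premise explains an input, learn a new premise from the unexplained inputs, and hand that premise to an administrator for a conclusion. The following is an added illustration of that loop, not the paper's code; it assumes a rule premise is an axis-aligned Gaussian over a feature vector, that a fixed log-density threshold decides "no premise covers this sample", and that a fixed number of buffered novel samples is enough to learn a premise. Feature values, thresholds, rule names and the administrator's label are constructed.

```python
# Added illustration (not the paper's code): a rule-based classifier that
# notices inputs no existing rule premise explains, buffers them, learns a
# new premise from them and queues that premise for an administrator's
# conclusion. Gaussian premises, thresholds and features are assumptions.
import math
from dataclasses import dataclass
from typing import List, Optional

LOG_2PI = math.log(2 * math.pi)


@dataclass
class Rule:
    """Premise: axis-aligned Gaussian over the feature space.
    Conclusion: class label, or None while the premise awaits labeling."""
    mean: List[float]
    var: List[float]
    conclusion: Optional[str] = None

    def log_density(self, x: List[float]) -> float:
        # log Gaussian density; per-dimension terms add up for a diagonal covariance
        return sum(-0.5 * (LOG_2PI + math.log(v)) - (xi - m) ** 2 / (2 * v)
                   for xi, m, v in zip(x, self.mean, self.var))


class NoveltyAwareDetector:
    def __init__(self, rules, log_threshold: float, min_novel: int,
                 var_floor: float = 0.05):
        self.rules = list(rules)              # needs at least one labeled rule
        self.log_threshold = log_threshold    # below this, no premise explains x
        self.min_novel = min_novel            # buffered samples needed to learn a premise
        self.var_floor = var_floor            # keeps a learned premise from collapsing
        self.novel_buffer: List[List[float]] = []
        self.pending: List[Rule] = []         # premises awaiting a conclusion

    def classify(self, x: List[float]) -> str:
        best = max(self.rules, key=lambda r: r.log_density(x))
        if best.log_density(x) < self.log_threshold:
            # knowledge deficit: no known premise covers this sample
            self.novel_buffer.append(list(x))
            if len(self.novel_buffer) >= self.min_novel:
                self._learn_premise()
            return "novel"
        # a learned premise may exist without a conclusion yet
        return best.conclusion if best.conclusion is not None else "unlabeled"

    def _learn_premise(self) -> None:
        n = len(self.novel_buffer)
        dims = range(len(self.novel_buffer[0]))
        mean = [sum(x[d] for x in self.novel_buffer) / n for d in dims]
        var = [max(self.var_floor,
                   sum((x[d] - mean[d]) ** 2 for x in self.novel_buffer) / n)
               for d in dims]
        rule = Rule(mean, var)                # premise only; conclusion still missing
        self.rules.append(rule)
        self.pending.append(rule)
        self.novel_buffer = []

    def label_pending(self, conclusion: str) -> Rule:
        """Administrator supplies a conclusion for the oldest pending premise."""
        rule = self.pending.pop(0)
        rule.conclusion = conclusion
        return rule


def run_demo() -> dict:
    # constructed 2-D features: (scaled packet rate, scaled mean payload size)
    known = [Rule([1.0, 1.0], [0.1, 0.1], "normal"),
             Rule([5.0, 0.2], [0.1, 0.1], "syn_flood")]
    det = NoveltyAwareDetector(known, log_threshold=math.log(1e-3), min_novel=5)
    before = [det.classify(x) for x in ([1.1, 0.9], [4.9, 0.3])]
    # constructed traffic of a kind no rule describes
    novel = [[3.0, 4.0], [3.1, 4.1], [2.9, 3.9], [3.0, 4.2], [3.1, 3.8]]
    during = [det.classify(x) for x in novel]
    learned = det.pending[0]                  # premise presented to the admin
    det.label_pending("unknown_attack_A")     # constructed label from the admin
    after = det.classify([3.05, 3.95])
    return {"before": before, "during": during, "learned_mean": learned.mean,
            "pending_after": len(det.pending), "after": after}


if __name__ == "__main__":
    print(run_demo())
```

The design point is that the detector never invents a conclusion on its own: a learned premise is added to the rule base unlabeled, samples falling under it are reported as "unlabeled" rather than silently classed as normal, and only the administrator's conclusion turns it into a full rule.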
© 2010 IFIP
Fisch, D., Kastl, F., Sick, B. (2010). Novelty-Aware Attack Recognition – Intrusion Detection with Organic Computing Techniques. In: Hinchey, M., et al. (eds.) Distributed, Parallel and Biologically Inspired Systems. DIPES/BICC 2010. IFIP Advances in Information and Communication Technology, vol. 329. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15234-4_24
DOI: https://doi.org/10.1007/978-3-642-15234-4_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15233-7
Online ISBN: 978-3-642-15234-4