Parallel analysis for lightweight network incident detection using nonlinear adaptive systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The rapid increase in security incidents imposes a great burden on Internet users and system administrators. In this paper we discuss a parallel analysis for lightweight network incident detection using nonlinear adaptive systems. We run AID (anomaly intrusion detection) and MID (misuse intrusion detection) systems in parallel. The two detectors generate binary outputs, misuse = {YES/NO} and anomaly = {YES/NO}. We can then determine whether we need to perform a network or security operation. We apply a clustering algorithm for AID and a classification algorithm for MID. The nonlinear adaptive system is trained for running MID and AID in parallel. The proposed parallel system is more lightweight and simple to operate even if the number of incident patterns is increased. Experimental results in the case where false positives are frequently caused show that our method is functional with a recognition rate of attacks less than 10%, while finding the anomaly status. Also, performance evaluation shows that the proposed system can work with reasonable CPU utilization compared with a conventional serial-search-based system.

Original language: English
Title of host publication: Proceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007
Pages: 319-325
Number of pages: 7
DOIs: https://doi.org/10.1109/ICNPCW.2007.4351504
Publication status: Published - 2007
Event: 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007 - Dalian, China
Duration: 2007 Sep 18 to 2007 Sep 21

Other

Other: 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007
Country: China
City: Dalian
Period: 07/9/18 to 07/9/21

Fingerprint

Adaptive systems
Intrusion detection
Clustering algorithms
Program processors
Internet
Detectors

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Ando, R., & Takefuji, Y. (2007). Parallel analysis for lightweight network incident detection using nonlinear adaptive systems. In Proceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007 (pp. 319-325). [4351504] https://doi.org/10.1109/ICNPCW.2007.4351504

@inproceedings{e7c53c80887a4ae4aec5954de55307d5,
title = "Parallel analysis for lightweight network incident detection using nonlinear adaptive systems",
abstract = "The rapid increasing of security incidents imposes a great burden on Internet users and system administrators. In this paper we discuss a parallel analysis for lightweight network incident detection using nonlinear adaptive systems. We run AID (anomaly intrusion detection) and MID (misuse intrusion detection) systems in parallel. Two detectors generate binary output misuse = {YES/NO} and anomaly = {YES/NO}. Then, we can determine whether we need to perform network or security operation. We apply clustering algorithm for AID and classification algorithm for MID. The nonlinear adaptive system is trained for running MID and AID in parallel. Proposed parallel system is more lightweight and simple to operate even if the number of incident patterns is increased. Experimental results in the case where false positive is frequently caused show that our method is functional with a recognition rate of attacks less than 10{\%}, while finding the anomaly status. Also, performance evaluation show that proposed system can work with reasonable CPU utilization compared with conventional serial search based system.",
author = "Ruo Ando and Yoshiyasu Takefuji",
year = "2007",
doi = "10.1109/ICNPCW.2007.4351504",
language = "English",
isbn = "0769529437",
pages = "319--325",
booktitle = "Proceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007",

}

TY - GEN

T1 - Parallel analysis for lightweight network incident detection using nonlinear adaptive systems

AU - Ando, Ruo

AU - Takefuji, Yoshiyasu

PY - 2007

Y1 - 2007

N2 - The rapid increasing of security incidents imposes a great burden on Internet users and system administrators. In this paper we discuss a parallel analysis for lightweight network incident detection using nonlinear adaptive systems. We run AID (anomaly intrusion detection) and MID (misuse intrusion detection) systems in parallel. Two detectors generate binary output misuse = {YES/NO} and anomaly = {YES/NO}. Then, we can determine whether we need to perform network or security operation. We apply clustering algorithm for AID and classification algorithm for MID. The nonlinear adaptive system is trained for running MID and AID in parallel. Proposed parallel system is more lightweight and simple to operate even if the number of incident patterns is increased. Experimental results in the case where false positive is frequently caused show that our method is functional with a recognition rate of attacks less than 10%, while finding the anomaly status. Also, performance evaluation show that proposed system can work with reasonable CPU utilization compared with conventional serial search based system.

UR - http://www.scopus.com/inward/record.url?scp=47849113190&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=47849113190&partnerID=8YFLogxK

U2 - 10.1109/ICNPCW.2007.4351504

DO - 10.1109/ICNPCW.2007.4351504

M3 - Conference contribution

SN - 0769529437

SN - 9780769529431

SP - 319

EP - 325

BT - Proceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007

ER -