Parallel analysis for lightweight network incident detection using nonlinear adaptive systems

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The rapid increasing of security incidents imposes a great burden on Internet users and system administrators. In this paper we discuss a parallel analysis for lightweight network incident detection using nonlinear adaptive systems. We run AID (anomaly intrusion detection) and MID (misuse intrusion detection) systems in parallel. Two detectors generate binary output misuse = {YES/NO} and anomaly = {YES/NO}. Then, we can determine whether we need to perform network or security operation. We apply clustering algorithm for AID and classification algorithm for MID. The nonlinear adaptive system is trained for running MID and AID in parallel. Proposed parallel system is more lightweight and simple to operate even if the number of incident patterns is increased. Experimental results in the case where false positive is frequently caused show that our method is functional with a recognition rate of attacks less than 10%, while finding the anomaly status. Also, performance evaluation show that proposed system can work with reasonable CPU utilization compared with conventional serial search based system.

Original languageEnglish
Title of host publicationProceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007
Pages319-325
Number of pages7
DOIs
Publication statusPublished - 2007 Dec 1
Event2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007 - Dalian, China
Duration: 2007 Sep 182007 Sep 21

Publication series

NameProceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007

Other

Other2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007
CountryChina
CityDalian
Period07/9/1807/9/21

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Parallel analysis for lightweight network incident detection using nonlinear adaptive systems'. Together they form a unique fingerprint.

  • Cite this

    Ando, R., & Takefuji, Y. (2007). Parallel analysis for lightweight network incident detection using nonlinear adaptive systems. In Proceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007 (pp. 319-325). [4351504] (Proceedings - 2007 IFIP International Conference on Network and Parallel Computing Workshops, NPC 2007). https://doi.org/10.1109/ICNPCW.2007.4351504