
"Smart" Methods For Detecting Computer Network Intruders

Date:
February 26, 2002
Source:
Penn State
Summary:
A team of Penn State and Iowa State researchers has tested and rated three "smart" classification methods capable of detecting the telltale patterns of entry and misuse left by the typical computer network intruder and found that one, called "rough sets," currently overlooked by the industry, is the best.

University Park, Pa. --- A team of Penn State and Iowa State researchers has tested and rated three "smart" classification methods capable of detecting the telltale patterns of entry and misuse left by the typical computer network intruder and found that one, called "rough sets," currently overlooked by the industry, is the best.

The researchers report that computer security breaches have risen significantly in the last three years. In February 2000, Yahoo, Amazon, eBay, Datek and E-Trade were shut down due to denial-of-service attacks on their web servers. The U.S. General Accounting Office (GAO) reports that about 250,000 break-ins into Federal computer systems were attempted in one year and 64 percent were successful. The number of attacks is doubling every year, and the GAO estimates that only one to four percent of these attacks will be detected and only about one percent will be reported.

Dr. Chao-Hsien Chu, associate professor of information sciences and technology and of management science and information systems at Penn State, began the study when he was on the faculty at Iowa State University. The results were published this month (Feb.) in the current issue (Vol. 32, No. 4) of the journal Decision Sciences. His Iowa State co-authors are Dr. Dan Zhu, assistant professor of management information systems; Dr. G. Premkumar, associate professor of management information systems; and Xiaoning Zhang, Chu's former master's student.

"No network security system or firewall can ever be completely foolproof," Chu says. "So there is always a need for a 'watchdog' to patrol the network and signal when an intrusion occurs. Commercially available 'watchdog' systems depend on traditional statistical techniques. However, the newer 'smart' methods promise to have a significant impact on accuracy."

Even the cleverest intruder leaves electronic footprints when breaking into a secure computer data network, such as one holding bank, medical or credit records. The new "smart" methods can collect information from a variety of sources within the network, "learn" the patterns typical of a perpetrator trying to gain a level of control similar to that of the people who legitimately operate the network, and make a reasoned prediction about whether a given pattern represents an intrusion.

The team focused on three "smart" approaches, known as data mining techniques, namely: neural nets, inductive learning and rough sets. All three data mining techniques can collect information, "learn" and make reasoned predictions.

Neural nets and inductive learning have previously been used in intrusion detection, and research by others has found these methods to be successful and effective. Chu notes that rough sets, a relatively new approach, has not been applied to intrusion detection. The researchers say their study is the first to evaluate and compare multiple data mining methods, including rough sets, in the intrusion detection context.

The researchers report that the rough sets method does not require any preliminary or additional information about the data and can work with missing values and less expensive or alternative sets of measurements. The method can work with imprecise values where a pair of lower and upper approximations replaces imprecise or uncertain data. It is also able to discover important facts hidden in the data and express them in the natural language of decision rules. A powerful method for characterizing complex, multidimensional patterns, rough sets has been successfully applied in knowledge acquisition, forecasting and predictive modeling, and decision support.
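As an added illustration (not code from the study or from the original article), the lower and upper approximations and the decision rules described above can be computed over a small decision table. The table is constructed for this example; the event IDs, the three-event window and all function names are assumptions.

```python
from collections import defaultdict

# Constructed decision table: (window of three event IDs, label).
# The IDs and the window length are assumptions made for this example.
TABLE = [
    ((4, 2, 66), "normal"),
    ((4, 2, 66), "normal"),
    ((2, 66, 66), "normal"),
    ((2, 66, 66), "abnormal"),  # same window, conflicting label
    ((66, 5, 23), "abnormal"),
    ((5, 23, 45), "abnormal"),
    ((5, 23, 45), "abnormal"),
    ((66, 4, 2), "normal"),
]
ALL = (0, 1, 2)  # use every position of the window as a condition attribute

def classes(table, attrs):
    """Indiscernibility classes: rows that agree on the chosen attributes."""
    groups = defaultdict(set)
    for i, (cond, _) in enumerate(table):
        groups[tuple(cond[a] for a in attrs)].add(i)
    return groups

def approximations(table, attrs, decision):
    """Lower: rows certainly in the class. Upper: rows possibly in it."""
    target = {i for i, (_, d) in enumerate(table) if d == decision}
    lower, upper = set(), set()
    for rows in classes(table, attrs).values():
        if rows <= target:
            lower |= rows
        if rows & target:
            upper |= rows
    return lower, upper

def accuracy(table, attrs, decision):
    """Rough-set accuracy of approximation: |lower| / |upper|."""
    lower, upper = approximations(table, attrs, decision)
    return len(lower) / len(upper) if upper else 1.0

def certain_rules(table, attrs, decision):
    """Attribute values that always imply the decision (from the lower set)."""
    lower, _ = approximations(table, attrs, decision)
    return sorted({tuple(table[i][0][a] for a in attrs) for i in lower})

def classify(table, attrs, window):
    """Label a window by the rules, or flag it as boundary or unseen."""
    key = tuple(window[a] for a in attrs)
    labels = {d for cond, d in table if tuple(cond[a] for a in attrs) == key}
    return labels.pop() if len(labels) == 1 else ("boundary" if labels else "unseen")

if __name__ == "__main__":
    print(approximations(TABLE, ALL, "abnormal"), certain_rules(TABLE, ALL, "abnormal"))
```

Rows that fall between the two approximations form the boundary region, where the available attributes cannot separate normal from abnormal behaviour; restricting `attrs` to fewer positions widens that region.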

In their study, the team used data from the privileged program sendmail, which is in use at virtually every Unix site that has email. They write, "The data includes both normal and abnormal traces. The normal trace is a trace of the sendmail daemon and several invocations of the sendmail program. During the period of collecting these traces, there are no intrusions or any suspicious activities happening. The abnormal traces contain several traces including intrusions that exploit well-known problems in Unix systems."

The average classification accuracy rates for the three programs were as follows: rough sets, 75.68 percent accurate; neural nets, 69.78 percent accurate; and inductive learning, 51.16 percent accurate. In addition, the team found that training the programs on equal amounts of normal and abnormal sequences leads to better learning and a more accurate classification. Whether the data was represented as binaries or as integers (neural nets cannot use both) did not significantly affect performance. They conclude, "The tremendous growth in the Internet and electronic commerce has created serious challenges to network security. Advances in data mining and knowledge discovery provide new approaches to network intrusion detection."


Story Source:

The above story is based on materials provided by Penn State. Note: Materials may be edited for content and length.


Cite This Page:

Penn State. ""Smart" Methods For Detecting Computer Network Intruders." ScienceDaily. ScienceDaily, 26 February 2002. <www.sciencedaily.com/releases/2002/02/020226075019.htm>.
Penn State. (2002, February 26). "Smart" Methods For Detecting Computer Network Intruders. ScienceDaily. Retrieved July 26, 2014 from www.sciencedaily.com/releases/2002/02/020226075019.htm
Penn State. ""Smart" Methods For Detecting Computer Network Intruders." ScienceDaily. www.sciencedaily.com/releases/2002/02/020226075019.htm (accessed July 26, 2014).
