"Smart" Methods For Detecting Computer Network Intruders

Date: February 26, 2002
Source: Penn State

University Park, Pa. --- A team of Penn State and Iowa State researchers has tested and rated three "smart" classification methods capable of detecting the telltale patterns of entry and misuse left by the typical computer network intruder and found that one, called "rough sets," currently overlooked by the industry, is the best.

The researchers report that computer security breaches have risen significantly in the last three years. In February 2000, Yahoo, Amazon, E-Bay, Datek and E-Trade were shut down due to denial-of-service attacks on their web servers. The U.S. General Accounting Office (GAO) reports that about 250,000 break-ins into Federal computer systems were attempted in one year and 64 percent were successful. The number of attacks is doubling every year and the GAO estimates that only one to four percent of these attacks will be detected and only about one percent will be reported.

Dr. Chao-Hsien Chu, associate professor of information sciences and technology and of management science and information systems at Penn State, began the study when he was on the faculty at Iowa State University. The results were published this month (Feb.) in the current issue (Vol. 32, No. 4) of the journal Decision Sciences. His Iowa State co-authors are Dr. Dan Zhu, assistant professor of management information systems; Dr. G. Premkumar, associate professor of management information systems; and Xiaoning Zhang, Chu's former master's student.

"No network security system or firewall can ever be completely foolproof," Chu says. "So there is always a need for a 'watchdog' to patrol the network and signal when an intrusion occurs. Commercially available 'watchdog' systems depend on traditional statistical techniques. However, the newer 'smart' methods promise to have a significant impact on accuracy."

Even the cleverest intruder leaves electronic footprints when breaking into a secure computer data network, such as one holding bank, medical or credit records. The new "smart" methods can collect information from a variety of sources within the network, "learn" the patterns typical of a perpetrator trying to gain a level of control similar to that of the people who legitimately operate the network, and make a reasoned prediction about whether the pattern represents intrusion or not.

The team focused on three "smart" approaches, known as data mining techniques, namely: neural nets, inductive learning and rough sets. All three data mining techniques can collect information, "learn" and make reasoned predictions.

Neural nets and inductive learning have previously been used in intrusion detection, and research by others has found these methods to be successful and effective. Chu notes that rough sets, a relatively new approach, has not been applied to intrusion detection. The researchers say their study is the first to evaluate and compare multiple data mining methods, including rough sets, in the intrusion detection context.

The researchers report that the rough sets method does not require any preliminary or additional information about the data and can work with missing values and less expensive or alternative sets of measurements. The method can work with imprecise values where a pair of lower and upper approximations replaces imprecise or uncertain data. It is also able to discover important facts hidden in the data and express them in the natural language of decision rules. A powerful method for characterizing complex, multidimensional patterns, rough sets has been successfully applied in knowledge acquisition, forecasting and predictive modeling, and decision support.

In their study, the team used data from the privileged program sendmail, which is in use at virtually every Unix site that has email. They write, "The data includes both normal and abnormal traces. The normal trace is a trace of the sendmail daemon and several invocations of the sendmail program. During the period of collecting these traces, there are no intrusions or any suspicious activities happening. The abnormal traces contain several traces including intrusions that exploit well-known problems in Unix systems."
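The lower and upper approximations and decision rules described above, computed over labelled traces, as an added example that is not code from the study or from this article. It assumes each trace is a sequence of integer event ids cut into fixed-length windows; the trace values, the window length and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed traces: each integer is an event id (assumed to be a system-call number).
NORMAL_TRACES = [[4, 2, 66, 66, 4, 138, 66, 5], [4, 2, 66, 66, 4, 138, 5]]
ABNORMAL_TRACES = [[4, 2, 66, 5, 5, 23, 11], [2, 66, 66, 4, 23, 11]]
WINDOW = 3  # assumed window length, not taken from the study


def windows(trace, size=WINDOW):
    """Slide a fixed-length window over one trace."""
    return [tuple(trace[i:i + size]) for i in range(len(trace) - size + 1)]


def build_table(normal, abnormal):
    """Decision table: (condition attributes, decision) for every window."""
    rows = [(w, "normal") for t in normal for w in windows(t)]
    rows += [(w, "abnormal") for t in abnormal for w in windows(t)]
    return rows


def approximations(table, target):
    """Lower and upper approximation of the `target` class.

    Windows with identical attributes are indiscernible, so each distinct
    window stands for one equivalence class.
    """
    decisions = defaultdict(set)
    for cond, decision in table:
        decisions[cond].add(decision)
    lower = {c for c, d in decisions.items() if d == {target}}  # certainly target
    upper = {c for c, d in decisions.items() if target in d}    # possibly target
    return lower, upper


def certain_rules(table, target):
    """Decision rules that hold without exception in the training table."""
    lower, _ = approximations(table, target)
    return [f"IF window = {w} THEN {target}" for w in sorted(lower)]


def classify(window, table):
    """Label one window: certain class, boundary region, or never seen."""
    low_abn, up_abn = approximations(table, "abnormal")
    low_norm, _ = approximations(table, "normal")
    if window in low_abn:
        return "abnormal"
    if window in low_norm:
        return "normal"
    return "boundary" if window in up_abn else "unseen"
```

Windows in the boundary region occur in both normal and abnormal traces, so no certain rule covers them and a detector built this way would report them as inconclusive.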

The average classification accuracy rate for the three programs was as follows: rough sets 75.68 percent accurate; neural nets 69.78 percent accurate; and inductive learning 51.16 percent accurate. In addition, the team found that training the programs on equal amounts of normal and abnormal sequences leads to better learning and a more accurate classification. Whether the data was represented as binaries or as integers (neural nets cannot use both) did not significantly affect performance. They conclude, "The tremendous growth in the Internet and electronic commerce has created serious challenges to network security. Advances in data mining and knowledge discovery provide new approaches to network intrusion detection."


Story Source:

The above story is based on materials provided by Penn State. Note: Materials may be edited for content and length.


Cite This Page:

Penn State. ""Smart" Methods For Detecting Computer Network Intruders." ScienceDaily. ScienceDaily, 26 February 2002. <www.sciencedaily.com/releases/2002/02/020226075019.htm>.
