Two-Stage Orthogonal Network Incident Detection for the Adaptive Coordination with SMTP Proxy
Ruo Ando and Yoshiyasu Takefuji
Graduate School of Media and Governance, Keio University
5322 Endo Fujisawa, Kanagawa, 2520816 Japan
{ruo,takefuji}@sfc.keio.ac.jp
Abstract. In this paper we present an adaptive detection and coordination system which consists of an anomaly detector and a misuse detector combined by lightweight neural networks to synchronize with the specific data control of a proxy server. The proposed method is able to correct false positives of the anomaly detector for unusual changes in the monitored segment by means of the subsequent misuse detector. The orthogonal outputs of these two detectors can be applied as the switching condition between the parameter settings and the protective data modification of the proxy. For the unseen attacks our model detects, the forwarding delay time set in the proxy server according to the detection intervals enables us to protect the system faster and to prevent the malicious code from spreading effectively.
1 Introduction

1.1 Repressing the Unseen Incidents
Almost all current in-service IDSs (intrusion detection systems) use signature-based detection methods that collate patterns in packet data and compare those patterns to a dataset of signatures provided manually by experts. The signatures, rulesets and profiles of the system need to be maintained and monitored carefully in order to find unlabeled attacks while keeping a low false positive rate. Besides, to take countermeasures against attacks properly, administrators are required to work out responses to alerts promptly. The thrust of this paper is to present the adaptive coordination of a proxy using automatically updated profiles and application data control.
1.2 Tradeoffs between Clustering and Classification
There are two major data mining techniques applied for intrusion detection: clustering and classification. Clustering is the automated, unsupervised process that groups data together by similar characteristics. Classification is the method of learning to assign data to predefined classes. These two methods are applied for two detection styles, AID (anomaly intrusion detection) and