Intrusion detection model in network systems, making feature selection with fdr and classification-training stages with s

dc.creatorDe-La-Hoz-Franco, Emiro
dc.creatorDe la Hoz Correa, Eduardo Miguel
dc.creatorOrtiz, Andrés
dc.creatorOrtega, Julio
dc.date2019-02-21T00:18:59Z
dc.date2012-10-31
dc.date.accessioned2023-10-03T19:09:49Z
dc.date.available2023-10-03T19:09:49Z
dc.identifierDe la Hoz Franco, E., De la Hoz Correa, E. M., Ortiz, A., & Ortega, J. (2012). Modelo de detección de intrusiones en sistemas de red, realizando selección de características con FDR y entrenamiento y clasificación con SOM. INGE CUC, 8(1), 85-116. Retrieved from https://revistascientificas.cuc.edu.co/ingecuc/article/view/225
dc.identifier0122-6517, 2382-4700 electronic
dc.identifierhttp://hdl.handle.net/11323/2659
dc.identifier2382-4700
dc.identifierCorporación Universidad de la Costa
dc.identifier0122-6517
dc.identifierREDICUC - Repositorio CUC
dc.identifierhttps://repositorio.cuc.edu.co/
dc.identifier.urihttps://repositorioslatinoamericanos.uchile.cl/handle/2250/9168407
dc.descriptionCurrent commercial Intrusion Detection Systems (IDSs) classify network traffic, detecting both normal connections and intrusions, by applying signature-based methods. This leads to problems, since only previously known intrusions are detected and the signature database periodically becomes outdated. This paper evaluates the efficiency of a proposed network intrusion detection model, using sensitivity and specificity metrics, through a simulation process that uses the NSL-KDD DARPA dataset, selecting its most relevant features with FDR and training a neural network that uses an unsupervised learning algorithm based on self-organizing maps (SOMs), in order to automatically classify network traffic into normal connections and attacks. The simulation produced a sensitivity of 99.69% and a specificity of 56.15%, using 20 and 15 features respectively.
dc.formatapplication/pdf
dc.languagespa
dc.publisherCorporación Universidad de la Costa
dc.relationINGE CUC; Vol. 8, No. 1 (2012)
dc.relationINGE CUC
dc.rightsinfo:eu-repo/semantics/openAccess
dc.rightshttp://purl.org/coar/access_right/c_abf2
dc.sourceINGE CUC
dc.sourcehttps://revistascientificas.cuc.edu.co/ingecuc/article/view/225
dc.subjectIDS (Intrusion Detection System)
dc.subjectFDR (Fisher Discriminant Ratio)
dc.subjectSOM (Self-Organizing Map)
dc.subjectDataset NSL-KDD DARPA
dc.titleModelo de detección de intrusiones en sistemas de red, realizando selección de características con FDR y entrenamiento y clasificación con SOM
dc.titleIntrusion detection model in network systems, making feature selection with fdr and classification-training stages with s
dc.typeJournal article
dc.typehttp://purl.org/coar/resource_type/c_6501
dc.typeText
dc.typeinfo:eu-repo/semantics/article
dc.typeinfo:eu-repo/semantics/publishedVersion
dc.typehttp://purl.org/redcol/resource_type/ART
dc.typeinfo:eu-repo/semantics/acceptedVersion
dc.typehttp://purl.org/coar/version/c_ab4af688f83e57aa