학술대회 A Novel Hierarchical Detection Methodfor Enhancing Anomaly Detection Efficiency
김은혜, 김세헌
International Conference on Communication Systems and Computing Application Science (CSCAS) 2015, pp.1-5
Improving detection accuracy and efficiency is crucial to the effectiveness of an intrusion detection system. In this paper, a novel intrusion detection system based on hierarchical approach that integrates a Random Forest based misuse detection model and a Self-Organizing Map based anomaly detection model is proposed for improving detection rates with low computational cost. In the proposed detection system, two components of removing the known attacks through the misuse detection first and reducing features that are redundant and contribute little to the detection process make it possible to construct the normal profiles precisely and efficiently detect unknown attacks deviated significantly from normal pattern. The proposed system not only achieves a significant detection performance, but also enables fast detection through the hierarchical detection method with a good subset of features that are critical to the improvement of the performance of classifiers.
anomaly detection, hierarchical method, misuse detection, redundancy analysis
