• Journal of Internet Computing and Services
    ISSN 2287 - 1136(Online) / ISSN 1598 - 0170 (Print)
    http://jics.or.kr/

A hybrid intrusion detection system based on CBA and OCSVM for unknown threat detection


Gun-Yoon Shin, Dong-Wook Kim, Jiyoung Yun, Sang-Soo Kim, Myung-Mook Han, Journal of Internet Computing and Services, Vol. 22, No. 3, pp. 27-35, Jun. 2021
10.7472/jksii.2021.22.3.27, Full Text:
Keywords: Unknown Threat, Hybrid Intrusion Detection, Classification based on Association Rule, One-class SVM

Abstract

With the development of the Internet, various IT technologies such as IoT, Cloud, etc. have been developed, and various systems have been built in countries and companies. Because these systems generate and share vast amounts of data, they needed a variety of systems that could detect threats to protect the critical data contained in the system, which has been actively studied to date. Typical techniques include anomaly detection and misuse detection, and these techniques detect threats that are known or exhibit behavior different from normal. However, as IT technology advances, so do technologies that threaten systems, and these methods of detection. Advanced Persistent Threat (APT) attacks national or companies systems to steal important information and perform attacks such as system down. These threats apply previously unknown malware and attack technologies. Therefore, in this paper, we propose a hybrid intrusion detection system that combines anomaly detection and misuse detection to detect unknown threats. Two detection techniques have been applied to enable the detection of known and unknown threats, and by applying machine learning, more accurate threat detection is possible. In misuse detection, we applied Classification based on Association Rule(CBA) to generate rules for known threats, and in anomaly detection, we used One-Class SVM(OCSVM) to detect unknown threats. Experiments show that unknown threat detection accuracy is about 94%, and we confirm that unknown threats can be detected.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Gun-Yoon Shin, Dong-Wook Kim, Jiyoung Yun, Sang-Soo Kim, & Myung-Mook Han (2021). A hybrid intrusion detection system based on CBA and OCSVM for unknown threat detection. Journal of Internet Computing and Services, 22(3), 27-35. DOI: 10.7472/jksii.2021.22.3.27.

[IEEE Style]
G. Shin, D. Kim, J. Yun, S. Kim and M. Han, "A hybrid intrusion detection system based on CBA and OCSVM for unknown threat detection," Journal of Internet Computing and Services, vol. 22, no. 3, pp. 27-35, 2021. DOI: 10.7472/jksii.2021.22.3.27.

[ACM Style]
Gun-Yoon Shin, Dong-Wook Kim, Jiyoung Yun, Sang-Soo Kim, and Myung-Mook Han. 2021. A hybrid intrusion detection system based on CBA and OCSVM for unknown threat detection. Journal of Internet Computing and Services, 22, 3, (2021), 27-35. DOI: 10.7472/jksii.2021.22.3.27.