Architecture-centric network behavior model generation for detecting internet worms

Seung Hyun Paek; Kiwook Sohn

doi:10.1109/IPC.2007.58

Architecture-centric network behavior model generation for detecting internet worms

Seung Hyun Paek, Kiwook Sohn

Dept. of Computer Science and Engineering

National Security Research Institute, Korea

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Data mining techniques have been popular in the research area of intrusion detections. However, most researches have mainly focused on the intrusion detection in the view of model generation techniques, but not in the view of system architectures. In this paper, we propose the architecture of network-intrusion detection model generation system. Our architecture creates candidate models by various data mining techniques and one new technique (sC4.5) for the network behavior data set and then elects the best appropriate model according to user requirements after evaluating candidate models. We also present sC4.5 as a decision tree classification algorithm by complimenting existing C4.5 algorithm. sC4.5 preserves classification accuracy like C4.5 and makes the decision tree smaller than C4.5.

Original language	English
Title of host publication	Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007
Publisher	IEEE Computer Society
Pages	220-223
Number of pages	4
ISBN (Print)	0769530060, 9780769530062
DOIs	https://doi.org/10.1109/IPC.2007.58
State	Published - 2007
Event	2007 International Conference on Intelligent Pervasive Computing, IPC 2007 - Jeju Island, Korea, Republic of Duration: 11 Oct 2007 → 13 Oct 2007

Publication series

Name	Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

Conference

Conference	2007 International Conference on Intelligent Pervasive Computing, IPC 2007
Country/Territory	Korea, Republic of
City	Jeju Island
Period	11/10/07 → 13/10/07

Access to Document

10.1109/IPC.2007.58

Cite this

Paek, S. H., & Sohn, K. (2007). Architecture-centric network behavior model generation for detecting internet worms. In Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007 (pp. 220-223). Article 4438428 (Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007). IEEE Computer Society. https://doi.org/10.1109/IPC.2007.58

@inproceedings{489bcbb54fb24d169814751d703d944d,

title = "Architecture-centric network behavior model generation for detecting internet worms",

abstract = "Data mining techniques have been popular in the research area of intrusion detections. However, most researches have mainly focused on the intrusion detection in the view of model generation techniques, but not in the view of system architectures. In this paper, we propose the architecture of network-intrusion detection model generation system. Our architecture creates candidate models by various data mining techniques and one new technique (sC4.5) for the network behavior data set and then elects the best appropriate model according to user requirements after evaluating candidate models. We also present sC4.5 as a decision tree classification algorithm by complimenting existing C4.5 algorithm. sC4.5 preserves classification accuracy like C4.5 and makes the decision tree smaller than C4.5.",

author = "Paek, \{Seung Hyun\} and Kiwook Sohn",

year = "2007",

doi = "10.1109/IPC.2007.58",

language = "English",

isbn = "0769530060",

series = "Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007",

publisher = "IEEE Computer Society",

pages = "220--223",

booktitle = "Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007",

note = "2007 International Conference on Intelligent Pervasive Computing, IPC 2007 ; Conference date: 11-10-2007 Through 13-10-2007",

}

Paek, SH & Sohn, K 2007, Architecture-centric network behavior model generation for detecting internet worms. in Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007., 4438428, Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007, IEEE Computer Society, pp. 220-223, 2007 International Conference on Intelligent Pervasive Computing, IPC 2007, Jeju Island, Korea, Republic of, 11/10/07. https://doi.org/10.1109/IPC.2007.58

Architecture-centric network behavior model generation for detecting internet worms. / Paek, Seung Hyun; Sohn, Kiwook.
Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007. IEEE Computer Society, 2007. p. 220-223 4438428 (Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Architecture-centric network behavior model generation for detecting internet worms

AU - Paek, Seung Hyun

AU - Sohn, Kiwook

PY - 2007

Y1 - 2007

N2 - Data mining techniques have been popular in the research area of intrusion detections. However, most researches have mainly focused on the intrusion detection in the view of model generation techniques, but not in the view of system architectures. In this paper, we propose the architecture of network-intrusion detection model generation system. Our architecture creates candidate models by various data mining techniques and one new technique (sC4.5) for the network behavior data set and then elects the best appropriate model according to user requirements after evaluating candidate models. We also present sC4.5 as a decision tree classification algorithm by complimenting existing C4.5 algorithm. sC4.5 preserves classification accuracy like C4.5 and makes the decision tree smaller than C4.5.

AB - Data mining techniques have been popular in the research area of intrusion detections. However, most researches have mainly focused on the intrusion detection in the view of model generation techniques, but not in the view of system architectures. In this paper, we propose the architecture of network-intrusion detection model generation system. Our architecture creates candidate models by various data mining techniques and one new technique (sC4.5) for the network behavior data set and then elects the best appropriate model according to user requirements after evaluating candidate models. We also present sC4.5 as a decision tree classification algorithm by complimenting existing C4.5 algorithm. sC4.5 preserves classification accuracy like C4.5 and makes the decision tree smaller than C4.5.

UR - http://www.scopus.com/inward/record.url?scp=50249118221&partnerID=8YFLogxK

U2 - 10.1109/IPC.2007.58

DO - 10.1109/IPC.2007.58

M3 - Conference contribution

AN - SCOPUS:50249118221

SN - 0769530060

SN - 9780769530062

T3 - Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

SP - 220

EP - 223

BT - Proceedings The 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

PB - IEEE Computer Society

T2 - 2007 International Conference on Intelligent Pervasive Computing, IPC 2007

Y2 - 11 October 2007 through 13 October 2007

ER -

Architecture-centric network behavior model generation for detecting internet worms

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this