
Improvement of detection ability according to optimum selection of measures based on statistical approach. (English) Zbl 1151.94620

Feng, Dengguo (ed.) et al., Information security and cryptology. First SKLOIS conference, CISC 2005, Beijing, China, December 15–17, 2005. Proceedings. Berlin: Springer (ISBN 3-540-30855-5/pbk). Lecture Notes in Computer Science 3822, 254-264 (2005).
Summary: Selecting useful measures and generating rules for detecting attacks from network data are very difficult. Experts' experience is commonly required to generate the detection rules. If the rules are generated automatically, we will reduce manpower, management expense, and the complexity of intrusion detection systems. In this paper, we propose two methods for generating the detection rules. One method is a statistical method based on relative entropy that is used for selecting the useful measures for generating accurate rules. The other is a decision tree algorithm based on entropy theory that generates the detection rules automatically. We also propose a method of converting continuous measures into categorical measures, because continuous measures are hard to analyze. As a result, the detection rules for attacks are automatically generated without experts' experience. Also, we selected the useful measures by the proposed method.
For the entire collection see [Zbl 1099.94001].

MSC:

94A62 Authentication, digital signatures and secret sharing
94A17 Measures of information, entropy
94A13 Detection theory in information and communication theory