Improvement of detection ability according to optimum selection of measures based on statistical approach

Abstract

A selection of useful measures and a generation of rules for detecting attacks from network data are very difficult. Expert's experiences are commonly required to generate the detection rules. If the rules are generated automatically, we will reduce man-power, management expense, and complexity of intrusion detection systems. In this paper, we propose two methods for generating the detection rules. One method is the statistical method based on relative entropy that uses for selecting the useful measures for generating the accurate rules. The other is decision tree algorithm based on entropy theory that generates the detection rules automatically. Also we propose a method of converting the continuous measures into categorical measures because continuous measures are hard to analyze. As the result, the detection rules for attacks are automatically generated without expert's experiences. Also, we selected the useful measures by the proposed method. © Springer-Verlag Berlin Heidelberg 2005.