A Data Mining Framework for Adaptive Intrusion Detection
Abstract
In this paper we describe a data mining framework for constructing intrusion detection models. The key ideas are to mine system audit data for consistent and useful patterns of program and user behavior, and use the set of relevant system features presented in the patterns to compute (inductively learned) classifiers that can recognize anomalies and known intrusions. Our experiments on audit data of system programs and network activities showed that classification models can detect intrusions, provided that sufficient audit data is available for training and the right set of system features is selected. We propose to use the association rules and frequent episodes computed from audit data as the basis for guiding the audit data gathering and feature selection processes. This research is supported in part by grants from DARPA (F30602-96-1-0311) and NSF (IRI-96-32225 and CDA96-25374).
Similar resources
A Framework for an Adaptive Intrusion Detection System with Data Mining
The goal of a network-based intrusion detection system (IDS) is to identify patterns of known intrusions (misuse detection) or to differentiate anomalous network activity from normal network traffic (anomaly detection). Data mining methods have been used to build automatic intrusion detection systems based on anomaly detection. The goal is to characterize the normal system activities with a pro...
A Novel Data Mining based Hybrid Intrusion Detection Framework
The prosperity of technology worldwide has made the concerns of security tend to increase rapidly. The enormous usage of internetworking has raised the need of protecting system(s) as well as network(s) from the unauthorized access (intrusion). To tackle the intrusive activities, several countermeasures have been found in literature viz. firewall, antivirus and currently widely preferred Intrus...
A Novel and Advanced Data Mining Model Based Hybrid Intrusion Detection Framework
An intrusion can be defined as any practice or act that attempts to crack the integrity, confidentiality or availability of a resource. This may consist of a deliberate unauthorized attempt to access the information, manipulate the data, or make a system unreliable or unusable. With the expansion of computer networks at an alarming rate during the past decade, security has become one of the seri...
A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems
Analysis of Data mining Algorithm in Intrusion Detection
In this paper, we have presented a survey on the different data mining techniques for intrusion detection, which are basically used for the intrusion detection purpose in the field of data mining. Today intrusion detection in data mining has gained more interest among researchers; there are many intrusion detection issues in data mining, like DoS attacks, R2L, U2R and probing etc. There are many algor...
Adaptive Model Generation for Intrusion Detection Systems
In this paper, we present adaptive model generation, a method for automatically building detection models for data-mining based intrusion detection systems. Using the same data collected by intrusion detection sensors, adaptive model generation builds detection models on the fly. This significantly reduces the deployment cost of an intrusion detection system because it does not require building...
Publication date: 1998