A data mining framework for building intrusion detection models

@article{Lee1999ADM,
  title={A data mining framework for building intrusion detection models},
  author={Wenke Lee and S. Stolfo and Kui W. Mok},
  journal={Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)},
  year={1999},
  pages={120-132}
}
  • Wenke Lee, S. Stolfo, K. Mok
  • Published 14 May 1999
  • Computer Science
  • Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)
There is often the need to update an installed intrusion detection system (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert knowledge, changes to IDSs are expensive and slow. We describe a data mining framework for adaptively building Intrusion Detection (ID) models. The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session… 
A framework for constructing features and models for intrusion detection systems
TLDR
A novel framework, MADAM ID, for Mining Audit Data for Automated Models for Intrusion Detection, which uses data mining algorithms to compute activity patterns from system audit data and extracts predictive features from the patterns.
Research and Design for Intrusion Detection System with Hybrid Detector and Apriori Algorithm
TLDR
A hybrid IDS is proposed, which combines network and host IDS, with anomaly and misuse detection mode, utilizes auditing programs to extract an extensive set of features that describe each network connection or host session, and applies data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities.
A Data Mining Approach for Intrusion Detection System Using Boosted Decision Tree Approach
TLDR
Experimental results show better detection of intrusions compared to other existing methods, and a new ensemble boosted decision tree approach for intrusion detection systems is proposed.
Analysis and Design for Intrusion Detection System Based on Data Mining
TLDR
A hybrid IDS is proposed, which combines network and host IDS, with anomaly and misuse detection mode, and utilizes auditing programs to extract an extensive set of features that describe each network connection or host session, and applies data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities.
A Data Mining Based Intrusion Detection Model
TLDR
This paper studies the issue of building a data mining based intrusion detection model that can detect most novel attacks that are variants of known attacks and applies statistics inference theory to this model.
A dynamic data mining technique for intrusion detection systems
TLDR
The findings of the research in the area of anomaly-based intrusion detection systems are reported using data-mining techniques described in section 3.3 to create a decision tree model of the network using the 1999 DARPA Intrusion Detection Evaluation data set.
Relevant Feature Selection Model Using Data Mining for Intrusion Detection System
TLDR
A new feature selection model is proposed; this model can effectively select the most relevant features for intrusion detection and is not only able to yield high detection rates but also to speed up the detection process.
A new framework for intrusion detection based on rough set theory
TLDR
An effective method for misuse intrusion detection with low cost and high efficiency is presented and a rough set and rule-tree-based incremental knowledge acquisition algorithm is presented in order to solve problems of updating rule set when new attacks appear.
Network intrusion detection system model based on data mining
  • Yanjie Zhao
  • Computer Science
  • 2016 17th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)
  • 2016
TLDR
A network intrusion detection model based on data mining technology is developed, which can detect known intrusions effectively and has a good capacity to recognize unknown data schemas that cannot be detected effectively by traditional IDSs.
Real Time Intrusion Detection Systems using Data Mining Practices
TLDR
A new real time data-mining based technique for intrusion detection using an ensemble of binary classifiers with feature selection and multiboosting simultaneously is proposed.

References

Data Mining Approaches for Intrusion Detection
TLDR
An agent-based architecture for intrusion detection systems where the learning agents continuously compute and provide the updated (detection) models to the detection agents is proposed.
Mining Audit Data to Build Intrusion Detection Models
TLDR
A data mining framework for constructing intrusion detection models to mine system audit data for consistent and useful patterns of program and user behavior, and use the set of relevant system features presented in the patterns to compute classifiers that can recognize anomalies and known intrusions.
Mining in a data-flow environment: experience in network intrusion detection
TLDR
It is shown that, in order to minimize the time required to use the classification models in a real-time environment, the "necessary conditions" associated with the low-cost features can be exploited to determine whether some high-cost features need to be computed and the corresponding classification rules need to be checked.
Network intrusion detection
TLDR
Host-based and network-based IDSs are surveyed, and the characteristics of the corresponding systems are identified and an outline of a statistical anomaly detection algorithm employed in a typical IDS is included.
A Software Architecture to Support Misuse Intrusion Detection
TLDR
This paper presents a software architecture for structuring a pattern matching solution to misuse intrusion detection based on Colored Petri Nets, and describes the abstract classes encapsulating generic functionality and the inter-relationships between the classes.
A common intrusion detection framework
TLDR
The issues involved in standardizing formats, protocols, and architectures to co-manage intrusion detection and response systems, and compare the strengths and weaknesses of previous approaches are considered.
JAM: Java Agents for Meta-Learning over Distributed Databases
TLDR
The overall architecture of the JAM system and the specific implementation currently under development at Columbia University are described; one of JAM's target applications is fraud and intrusion detection in financial information systems.
Sequence Matching and Learning in Anomaly Detection for Computer Security
TLDR
It is found, empirically, that the optimal similarity measure is user dependent, but that measures based on the assumption of causal linkage between user commands are superior for this domain.
Automated detection of vulnerabilities in privileged programs by execution monitoring
TLDR
By tightly restricting the behavior of all privileged programs, exploitations of unknown vulnerabilities can be detected by monitoring their execution using audit trails, and a program policy specification language is described, which is based on simple predicate logic and regular expressions.
The KDD process for extracting useful knowledge from volumes of data
TLDR
A new generation of computational techniques and tools is required to support the extraction of useful knowledge from the rapidly growing volumes of data, the subject of the emerging field of knowledge discovery in databases (KDD) and data mining.