Anomaly Detection Scheme Using Data Mining in Mobile Environment

  • Kwang-jin Park
  • Hwang-bin Ryou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2668)


For detecting the intrusion effectively, many researches have developed data mining framework for constructing intrusion detection modules. Traditional anomaly detection techniques focus on detecting anomalies in new data after training on normal data. To detect anomalous behavior, precise normal pattern is necessary. For this, the understanding of the characteristics of data on network is inevitable. In this paper we propose to use clustering and association rules as the basis for guiding anomaly detection in mobile environment. We present dynamic transaction for generating more effectively detection patterns. For applying entropy to filter noisy data, we present a technique for detecting anomalies without training on normal data.


Association Rule Intrusion Detection Intrusion Detection System Unlabeled Data Mobile Environment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    T. Berners-Lee, R. Fielding, and H. Frystyk: HyperText Transfer Protocol-HTTP/1.0. RFC 1945, May 1996.Google Scholar
  2. 2.
    R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee: HyperText Transfer Protocol-HTTP/1.1. IETF RFC 2616, June 1999.Google Scholar
  3. 3.
    M. E. Crovella, R. Frangioso, and M. Harchol-Balter: Connection Scheduling in Web Servers. Proceedings of the 1999 USENIX Symposium on Internet Technologies and Systems, pp.243–254, October 1999.Google Scholar
  4. 4.
    M. Harchol-Balter, M. Crovella, and S. Park: The Case for SRPT Scheduling in Web Servers. MIT-LCS-TR-767, October 1998.Google Scholar
  5. 5.
    N. Bhatti and Rich Friedrich: Web Server Support for Tiered Services. HPL-1999-160, 1999.Google Scholar
  6. 6.
    Paul e. proctor: The practical intrusion detection handbook, 2001.Google Scholar
  7. 7.
    Wenke Lee: A data mining framework for constructing features and models for instruction detection systems, 1999.Google Scholar
  8. 8.
    Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy and Salvatore Stolfo: A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusion in Unlabeled Data. To appear in Data Mining for Security Applications. Kluwer 2002.Google Scholar
  9. 9.
    Wenke Lee, Salvatore J. Stolfo: Data Mining Approaches for Intrusion Detection. Proceedings of the 7th USENIX security Symposium, Texas, 1998.Google Scholar
  10. 10.
    Leonid Portnoy, Eleazar Eskin and Sal Stolfo: Intrusion Detection with Unlabeled Data Using Clustering, 2001.Google Scholar
  11. 11.
    Eleazar Eskin: Anomaly Detection over Noisy Data using Learned Probability Distributions, 2000.Google Scholar
  12. 12.
    Rakesh Agrawal, Ramakrshnan Srikant: Fast Algorithm for Mining Association Rules, In Proc. of the 20th VLDB conference, 1994.Google Scholar
  13. 13.
    Eleazar Eskin, Wenke Lee, Salvatore J. Stolfo: Modeling System Calls for Intrusion Detection with Dynamic Window Sizes, 2001.Google Scholar
  14. 14.
    Harold S. Javitz and Alfonso Valdes: The NIDES Statistical Component Description and Justification, Annual report, SRI International, 1994.Google Scholar
  15. 15.
    Phillip A. Porras and Peter G. Neumann: EMERALD: Event Monitoring Enabling Responses Anomalous Live Disturbances, 20th NISSC, 1997.Google Scholar
  16. 16.
    H. S. Javitz, A. Valdes: The SRI IDES Statistical Anomaly Detector. In Proc. of the 1991 IEEE Symposium on Research in Security and Privacy, 1991.Google Scholar
  17. 17.
    Sandeep Kumar: Classification and Detection of Computer Intrusions. Ph. D. Dissertation, August 1995.Google Scholar
  18. 18.
    Leonid Portnoy, Eleazar Eskin and Salvatore J. Stolfo: Intrusion detection with unlabeled data using clustering, To Appear in Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001). Philadelphia, PA: November 5-8, 2001.Google Scholar
  19. 19.
    Wenke Lee, Sal Stolfo, and Kui Mok: A Data Mining Framework for Building Intrusion Detection Models, In Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, CA, May 1999.Google Scholar
  20. 20.
    Martin Ester, Hans-Peter Kriegel, Sander, Michael Wimmer, Xiaowei Xu: Incremental Clustering for Mining in a Data Warehousing Environment, Proceedings of the 24th VLDB Conference, New York, USA, 1998.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Kwang-jin Park
    • 1
  • Hwang-bin Ryou
    • 2
  1. 1.Dept. of Computer ScienceKwangwoon UniversitySeoulKorea
  2. 2.Dept. of Computer ScienceKwangwoon UniversitySeoulKorea

Personalised recommendations