Investigating and Evaluating Behavioural Profiling and Intrusion Detection Using Data Mining

  • Harjit Singh
  • Steven Furnell
  • Benn Lines
  • Paul Dowland
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2052)


The continuous growth of computer networks, coupled with the increasing number of people relying upon information technology, has inevitably attracted both mischievous and malicious abusers. Such abuse may originate from both outside an organisation and from within, and will not necessarily be prevented by traditional authentication and access control mechanisms. Intrusion Detection Systems aim to overcome these weaknesses by continuously monitoring for signs of unauthorised activity. The techniques employed often involve the collection of vast amounts of auditing data to identify abnormalities against historical user behaviour profiles and known intrusion scenarios. The approach may be optimised using domain expertise to extract only the relevant information from the wealth available, but this can be time consuming and knowledge intensive. This paper examines the potential of Data Mining algorithms and techniques to automate the data analysis process and aid in the identification of system features and latent trends that could be used to profile user behaviour. It presents the results of a preliminary analysis and discusses the strategies used to capture and profile behavioural characteristics using data mining in the context of a conceptual Intrusion Monitoring System framework.


Data Mining Intrusion Detection Systems Knowledge Discovery Behavioural Profiling Intelligent Data Analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Computer Security Institute, “2000 CSI/FBI Computer Crime and Security Survey”, Vol. 6,No. 1, SPRING-2000Google Scholar
  2. 2.
    Lunt, T.F.: IDES: an intelligent system for detecting intruders. Proc. of the Computer Security, Threat and Countermeasures Symposium, Rome, Italy (November 1990)Google Scholar
  3. 3.
    Mukherjee, B., Herberlein, L.T. and Levitt, K.N.: Network Intrusion Detection. IEEE Network-1994, Vol. 8.3 26–41Google Scholar
  4. 4.
    Frank, J.: Artificial Intelligence and Intrusion Detection: current and future direction. Proc. of the 17th National Computer Security Conference (October 1994)Google Scholar
  5. 5.
    Amoroso, E.G.: Intrusion Detection: an introduction to internet surveillance, correlation, traps, trace back, and response. Intrusion.Net-1999, ISBN 0-9666700-7-8Google Scholar
  6. 6.
    Westphal, C. and Blaxton, T.: Data Mining Solution, Methods and Tools for Solving Real-World Problems. Wiley-1998, ISBN 0-471-25384-7, 531–585Google Scholar
  7. 7.
    Sasisekharan, R. and Seshadri, V.: Data Mining and Forecasting in Large-Scale Telecommunications Networks. IEEE Expert Intelligent Systems and Their Applications-1996, Vol. 11.1 37–43Google Scholar
  8. 8.
    Lee, W. and Stolfo, S.: Data Mining Approaches for Intrusion detection. Proc. 7th USENIX Security Symposium (1998)Google Scholar
  9. 9.
    Warrender, C., Forrest, S., Pearlmutter, B.: Detecting Intrusion Using Calls: alternative data models. Symposium on Security and Privacy (1999)Google Scholar
  10. 10.
    Fayyad, U.M.: Data Mining and Knowledge Discovery: making sense out of data. IEEE Expert-1996, Vol. 11.6 20–25Google Scholar
  11. 11.
    Adriaans, P. and Zantinge, D.: Data Mining. Addison-Wesley-1998, ISBN 0-201-40380-3Google Scholar
  12. 12.
    Michie, D., Spiegelhalter, D.J. and Taylor C.C.: Machine Learning, Neural and Statistical Classification. Ellis Horwood-1994, ISBN 0-13-106360-X, 136–141Google Scholar
  13. 13.
    Singh, H., Burn-Thornton, K.E. and Bull, P.D.: Classification of Network State Using Data Mining. Proc. of the 4th IEEE MICC & ISCE’ 99,Malacca, Malaysia, Vol. 1. 183–187Google Scholar
  14. 14.
    Furnell, S.M. and Dowland, P.S.: A Conceptual Architecture for Real-time Intrusion Monitoring. Information Management & Computer Security-2000, Vol. 8.2 65–74Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Harjit Singh
    • 1
  • Steven Furnell
    • 1
  • Benn Lines
    • 1
  • Paul Dowland
    • 1
  1. 1.Network Research Group, Department of Communication and Electronic EngineeringUniversity of PlymouthDrake CircusUK

Personalised recommendations