
A Data Mining Based Intrusion Detection Model

  • Conference paper
Intelligent Data Engineering and Automated Learning (IDEAL 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2690)

Abstract

Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusion effectively and accurately. However, the performance of IDSs is not satisfactory. In this paper, we study the issue of building a data mining based intrusion detection model to raise the detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns for intrusion and to use the set of patterns to recognize intrusion. By applying statistical inference theory to this model, the patterns mined from a set of test data are effective at detecting the attacks in the same category, and can therefore detect most novel attacks that are variants of known attacks.

This research is supported by the Natural Science Foundation of Hubei Province under grant 2001ABA001.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sun, J., Jin, H., Chen, H., Han, Z., Zou, D. (2003). A Data Mining Based Intrusion Detection Model. In: Liu, J., Cheung, Ym., Yin, H. (eds) Intelligent Data Engineering and Automated Learning. IDEAL 2003. Lecture Notes in Computer Science, vol 2690. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45080-1_91


  • DOI: https://doi.org/10.1007/978-3-540-45080-1_91

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40550-4

  • Online ISBN: 978-3-540-45080-1

  • eBook Packages: Springer Book Archive
