Abstract
Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusions effectively and accurately. However, the performance of IDSs is not satisfactory. In this paper, we study the issue of building a data mining based intrusion detection model to raise detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns of intrusion and to use this set of patterns to recognize intrusions. When statistical inference theory is applied to this model, the patterns mined from a set of test data are effective at detecting attacks in the same category, and can therefore detect most novel attacks that are variants of known attacks.
This research is supported by the Natural Science Foundation of Hubei Province under grant 2001ABA001.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sun, J., Jin, H., Chen, H., Han, Z., Zou, D. (2003). A Data Mining Based Intrusion Detection Model. In: Liu, J., Cheung, Ym., Yin, H. (eds) Intelligent Data Engineering and Automated Learning. IDEAL 2003. Lecture Notes in Computer Science, vol 2690. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45080-1_91
DOI: https://doi.org/10.1007/978-3-540-45080-1_91
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40550-4
Online ISBN: 978-3-540-45080-1
eBook Packages: Springer Book Archive