Predictive security model using data mining

We propose a practical and predictive security model for intrusion detection in a computer networking environment using data mining. The model uses a classification and regression technique. Its goal is to identify, from a wealth of raw network data, the significant variables that measure network intrusion, and to perform an efficient vulnerability evaluation based on those variables. Analysis of experimental results obtained using the DARPA benchmark dataset shows that the CART (classification and regression trees) approach performs better than other models, such as random projection and principal component analysis. The results also indicate that the performance of the CART approach in the proposed model is not significantly affected as the dimension of the input data decreases, so the prediction success rate is not compromised.
