Bootstrapping methodology for the Session-based Anomaly Notification Detector (SAND)
In [1] we discussed the possibilities of an anomaly-based intrusion detection system that modeled a network at a particular location by applying advanced data mining techniques to the network packets. In later research [2], we found that session-based anomaly detectors produced faster and better results that met our needs for modeling networks. However, the relatively high misclassification rate of our subsequent session-based models showed that we needed to produce more solid results. We therefore created a bootstrapping algorithm that lets us build submodels which are eventually combined to form a larger meta-model. This larger meta-model contained information with very low misclassification rates. Further, this bootstrapping methodology drastically reduced the false alarm rate while maintaining, or even improving upon, the number of attacks found in our training data sets.
[1] Joohan Lee et al. Packet- vs. session-based modeling for intrusion detection systems, 2005, International Conference on Information Technology: Coding and Computing (ITCC'05), Volume II.
[2] Vern Paxson et al. Enhancing the Accuracy of Network-Based Intrusion Detection with Host-Based Context, 2005, DIMVA.
[3] Joohan Lee et al. A dynamic data mining technique for intrusion detection systems, 2005, ACM Southeast Regional Conference.
[4] Herbert A. Edelstein et al. Scalable data mining, 1997.