Data Mining Techniques for (Network) Intrusion Detection Systems

In information security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. Intrusion detection does not, in general, include prevention of intrusions. In this paper we focus mainly on the data mining techniques that are used for this purpose, and we discuss their advantages and disadvantages. Finally, we present a new idea on how data mining can aid IDSs.

General Terms: Security, Data mining
