论文信息 - Investigating and Evaluating Behavioural Profiling and Intrusion Detection Using Data Mining

Investigating and Evaluating Behavioural Profiling and Intrusion Detection Using Data Mining

The continuous growth of computer networks, coupled with the increasing number of people relying upon information technology, has inevitably attracted both mischievous and malicious abusers. Such abuse may originate from both outside an organisation and from within, and will not necessarily be prevented by traditional authentication and access control mechanisms. Intrusion Detection Systems aim to overcome these weaknesses by continuously monitoring for signs of unauthorised activity. The techniques employed often involve the collection of vast amounts of auditing data to identify abnormalities against historical user behaviour profiles and known intrusion scenarios. The approach may be optimised using domain expertise to extract only the relevant information from the wealth available, but this can be time consuming and knowledge intensive. This paper examines the potential of Data Mining algorithms and techniques to automate the data analysis process and aid in the identification of system features and latent trends that could be used to profile user behaviour. It presents the results of a preliminary analysis and discusses the strategies used to capture and profile behavioural characteristics using data mining in the context of a conceptual Intrusion Monitoring System framework.

Steven Furnell | Harjit Singh | Paul Dowland | Benn Lines

[1] E. Amoroso. Intrusion Detection , 1999 .

[2] Christopher R. Westphal,et al. Data Mining Solutions: Methods and Tools for Solving Real-World Problems , 1998 .

[3] Salvatore J. Stolfo,et al. Data Mining Approaches for Intrusion Detection , 1998, USENIX Security Symposium.

[4] Steven Furnell,et al. A conceptual architecture for real-time intrusion monitoring , 2000, Inf. Manag. Comput. Secur..

[5] Keith J. Jones,et al. 10th USENIX Security Symposium , 2001, login Usenix Mag..

[6] David J. Spiegelhalter,et al. Machine Learning, Neural and Statistical Classification , 2009 .

[7] R. Power. CSI/FBI computer crime and security survey , 2001 .

[8] Pieter Adriaans,et al. Data mining , 1996 .

[9] U. M. Feyyad. Data mining and knowledge discovery: making sense out of data , 1996 .

[10] Todd L. Heberlein,et al. Network intrusion detection , 1994, IEEE Network.

[11] Barak A. Pearlmutter,et al. Detecting intrusions using system calls: alternative data models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[12] Sholom M. Weiss,et al. Data Mining and Forecasting in Large-Scale Telecommunication Networks , 1996, IEEE Expert.

[13] Harold Joseph Highland,et al. The 17th NSCS abstructArtificial Intelligence and Intrusion Detection: Current and Future Directions : Jeremy Frank, University of California, Davis, CA , 1995 .