Developing custom intrusion detection filters using data mining
One aspect of constructing secure networks is identifying unauthorized use of those networks. Intrusion detection systems look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. However, normal operation often produces traffic that matches likely "attack signatures", resulting in false alarms. We are using data mining techniques to identify sequences of alarms that likely result from normal behavior, enabling construction of filters to eliminate those alarms. This can be done at a low cost for specific environments, enabling the construction of customized intrusion detection filters. We present our approach, and preliminary results identifying common sequences in alarms from a particular environment.
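The abstract describes the pipeline only in outline: collect the alarms an environment produces, find the sequences of alarms that recur because of routine activity, and turn those sequences into filters. The following is an added example (not code from the paper or its authors) that works through one concrete form of that pipeline in Python. It assumes alarms arrive as `(timestamp, source_host, signature)` tuples, uses a constructed alarm log in which a monitoring host `mon01` trips the same three alarms every night, and uses placeholder signature names rather than rules from any real IDS. The mining step counts contiguous signature k-grams with support measured as the number of sessions in which a k-gram appears, which is one simple instance of the sequence mining the abstract refers to; the exact algorithm the paper uses is not stated here.

```python
from collections import Counter
from typing import Dict, List, Optional, Sequence, Set, Tuple

Alarm = Tuple[int, str, str]  # (timestamp in seconds, source host, signature name)

# Constructed sample alarm log (placeholder signature names, not real IDS rules).
# "mon01" runs a nightly check that trips the same three alarms in order on three
# consecutive nights; "wks17" produces one unrelated burst.
SAMPLE_ALARMS: List[Alarm] = [
    (100, "mon01", "ICMP_PING_SWEEP"),
    (103, "mon01", "DNS_ZONE_TRANSFER"),
    (107, "mon01", "SNMP_PUBLIC_COMMUNITY"),
    (86500, "mon01", "ICMP_PING_SWEEP"),
    (86504, "mon01", "DNS_ZONE_TRANSFER"),
    (86509, "mon01", "SNMP_PUBLIC_COMMUNITY"),
    (172900, "mon01", "ICMP_PING_SWEEP"),
    (172903, "mon01", "DNS_ZONE_TRANSFER"),
    (172908, "mon01", "SNMP_PUBLIC_COMMUNITY"),
    (172950, "wks17", "ICMP_PING_SWEEP"),
    (172951, "wks17", "PORTSCAN_TCP_SYN"),
    (172960, "wks17", "SMB_NULL_SESSION"),
]

Session = Tuple[str, List[int]]  # (source host, indices into the alarm list)


def sessionize(alarms: Sequence[Alarm], max_gap: int = 60) -> List[Session]:
    """Group alarms by source host and split each host's stream into sessions
    wherever two consecutive alarms are more than max_gap seconds apart.
    Indices are returned so callers can map sequences back to the raw records."""
    order = sorted(range(len(alarms)), key=lambda i: (alarms[i][1], alarms[i][0]))
    sessions: List[Session] = []
    for i in order:
        ts, host, _ = alarms[i]
        if sessions and sessions[-1][0] == host:
            last_ts = alarms[sessions[-1][1][-1]][0]
            if ts - last_ts <= max_gap:
                sessions[-1][1].append(i)
                continue
        sessions.append((host, [i]))
    return sessions


def mine_frequent_sequences(alarms: Sequence[Alarm], sessions: Sequence[Session],
                            length: int, min_support: int) -> Dict[Tuple[str, ...], int]:
    """Count contiguous signature k-grams of the given length. Support is the number
    of sessions containing the k-gram at least once, so a single chatty session
    cannot inflate a sequence's support on its own."""
    support: Counter = Counter()
    for _, idxs in sessions:
        sigs = [alarms[i][2] for i in idxs]
        seen = {tuple(sigs[j:j + length]) for j in range(len(sigs) - length + 1)}
        support.update(seen)  # each distinct k-gram counted once per session
    return {seq: n for seq, n in support.items() if n >= min_support}


def apply_filter(alarms: Sequence[Alarm], benign: Dict[Tuple[str, ...], int],
                 hosts: Optional[Set[str]] = None,
                 max_gap: int = 60) -> Tuple[List[Alarm], List[Alarm]]:
    """Suppress alarms that occur as part of a sequence an analyst has confirmed
    as benign, optionally only when they come from the listed hosts. Returns
    (kept, suppressed); an alarm outside any benign run is always kept."""
    suppressed: Set[int] = set()
    for host, idxs in sessionize(alarms, max_gap):
        if hosts is not None and host not in hosts:
            continue  # filter is scoped to specific sources in this environment
        sigs = [alarms[i][2] for i in idxs]
        for seq in benign:
            k = len(seq)
            for j in range(len(sigs) - k + 1):
                if tuple(sigs[j:j + k]) == seq:
                    suppressed.update(idxs[j:j + k])
    kept = [a for i, a in enumerate(alarms) if i not in suppressed]
    dropped = [a for i, a in enumerate(alarms) if i in suppressed]
    return kept, dropped


if __name__ == "__main__":
    sessions = sessionize(SAMPLE_ALARMS)
    candidates = mine_frequent_sequences(SAMPLE_ALARMS, sessions, length=3, min_support=3)
    for seq, sup in candidates.items():
        print(f"candidate benign sequence (support {sup}): {' -> '.join(seq)}")
    kept, dropped = apply_filter(SAMPLE_ALARMS, candidates, hosts={"mon01"})
    print(f"kept {len(kept)} alarms, suppressed {len(dropped)}")
```

Run as a script, the mining step reports the nightly `mon01` triple as the only sequence with support 3, and the filter scoped to `mon01` suppresses its nine alarms while leaving the `wks17` burst untouched. Two design points carry over to real deployments: the candidates produced by mining are suggestions for an analyst to confirm, not filters in themselves, and scoping a filter to the hosts that actually exhibit the routine behaviour is what keeps a "customized" filter from also hiding the same sequence when an unexpected source produces it.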