论文信息 - A FRAMEWORK FOR AN ADAPTIVE INTRUSION DETECTION SYSTEM WITH DATA MINING

A FRAMEWORK FOR AN ADAPTIVE INTRUSION DETECTION SYSTEM WITH DATA MINING

The goal of a network-based intrusion detection system (IDS) is to identify patterns of known intrusions (misuse detection) or to differentiate anomalous network activity from normal network traffic (anomaly detection). Data mining methods have been used to build automatic intrusion detection systems based on anomaly detection. The goal is to characterize the normal system activities with a profile by applying mining algorithms to audit data so that abnormal intrusive activities can be detected by comparing the current activities with the profile. A major difficulty of any anomaly-based intrusion detection system is that patterns of normal behavior change over time and the system must be retrained. An IDS must be able to adapt to these changes, and be able to distinguish these changes in normal behavior from intrusive behavior. The goal of this paper is to provide a general framework for an adaptive anomaly detection module that utilizes fuzzy association rule mining.

Susan M. Bridges | Mahmood Hossain

[1] Hannu Toivonen,et al. Sampling Large Databases for Association Rules , 1996, VLDB.

[2] Todd L. Heberlein,et al. Network intrusion detection , 1994, IEEE Network.

[3] Salvatore J. Stolfo,et al. Data Mining Approaches for Intrusion Detection , 1998, USENIX Security Symposium.

[4] David Wai-Lok Cheung,et al. A General Incremental Technique for Maintaining Discovered Association Rules , 1997, DASFAA.

[5] Aurobindo Sundaram,et al. An introduction to intrusion detection , 1996, CROS.

[6] Jiawei Han,et al. Maintenance of discovered association rules in large databases: an incremental updating technique , 1996, Proceedings of the Twelfth International Conference on Data Engineering.

[7] Susan M. Bridges,et al. Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection , 2000, Int. J. Intell. Syst..

[8] Susan M. Bridges,et al. FUZZY DATA MINING AND GENETIC ALGORITHMS APPLIED TO INTRUSION DETECTION , 2002 .

[9] Tomasz Imielinski,et al. Mining association rules between sets of items in large databases , 1993, SIGMOD Conference.