A dynamic data mining technique for intrusion detection systems

In today's interconnected world of computer networks, secure and safe transactions depend on firewalls, Intrusion Detection Systems (IDSs), encryption, authentication, and other hardware and software controls. Most IDS variants let security managers and engineers identify attack packets primarily through signature detection: the IDS "recognizes" attack packets by their well-known "fingerprints," or signatures, as the packets cross the network gateway. Anomaly-based IDSs instead learn what normal traffic within a network looks like and report traffic whose behavior deviates from it. We report the findings of our research on anomaly-based intrusion detection using the data-mining techniques described in section 3.3 to build a decision-tree model of network traffic from the 1999 DARPA Intrusion Detection Evaluation data set. After the model was built, we collected additional traffic from our local campus network and classified it with the model.
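The two-step procedure in the abstract (learn a decision tree from labelled connection records, then classify unseen traffic with it) as an added, stand-alone example; it is not the authors' code and uses no DARPA data. The learner is a plain information-gain tree, the connection records and their feature names (`proto`, `service`, `flag`, `src_bytes`, `count`) are constructed here to resemble DARPA/KDD-style connection summaries, and the "new traffic" records stand in for the campus-network capture.

```python
"""Decision-tree anomaly classifier over constructed connection records.

Added example (not the paper's code). Records and feature names are
assumptions modelled on DARPA/KDD-style per-connection summaries:
`count` = connections to the same host in a short window.
"""
import math
from collections import Counter

# Constructed training set: (features, label). Attacks mimic a SYN flood,
# a port sweep, an ICMP flood and a single oversized exploit payload.
TRAIN = [
    ({"proto": "tcp",  "service": "http",    "flag": "SF",  "src_bytes": 310,  "count": 3},   "normal"),
    ({"proto": "tcp",  "service": "http",    "flag": "SF",  "src_bytes": 245,  "count": 5},   "normal"),
    ({"proto": "tcp",  "service": "smtp",    "flag": "SF",  "src_bytes": 1200, "count": 1},   "normal"),
    ({"proto": "tcp",  "service": "ftp",     "flag": "SF",  "src_bytes": 60,   "count": 2},   "normal"),
    ({"proto": "udp",  "service": "domain",  "flag": "SF",  "src_bytes": 44,   "count": 4},   "normal"),
    ({"proto": "tcp",  "service": "http",    "flag": "SF",  "src_bytes": 280,  "count": 60},  "normal"),
    ({"proto": "tcp",  "service": "telnet",  "flag": "SF",  "src_bytes": 150,  "count": 1},   "normal"),
    ({"proto": "tcp",  "service": "http",    "flag": "S0",  "src_bytes": 0,    "count": 410}, "attack"),
    ({"proto": "tcp",  "service": "http",    "flag": "S0",  "src_bytes": 0,    "count": 380}, "attack"),
    ({"proto": "tcp",  "service": "private", "flag": "REJ", "src_bytes": 0,    "count": 120}, "attack"),
    ({"proto": "tcp",  "service": "private", "flag": "S0",  "src_bytes": 0,    "count": 95},  "attack"),
    ({"proto": "icmp", "service": "ecr_i",   "flag": "SF",  "src_bytes": 1032, "count": 500}, "attack"),
    ({"proto": "tcp",  "service": "telnet",  "flag": "SF",  "src_bytes": 5400, "count": 1},   "attack"),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def candidate_tests(records):
    """Binary tests: `feature == value` for strings, `feature <= midpoint` for numbers."""
    for f in records[0][0]:
        vals = sorted({r[f] for r, _ in records})
        if all(isinstance(v, (int, float)) for v in vals):
            for a, b in zip(vals, vals[1:]):
                yield (f, "<=", (a + b) / 2)
        else:
            for v in vals:
                yield (f, "==", v)

def passes(rec, test):
    f, op, v = test
    return rec[f] == v if op == "==" else rec[f] <= v

def best_split(records):
    """Test with the largest information gain, or None if nothing separates the records."""
    base = entropy([y for _, y in records])
    best, best_gain = None, 0.0
    for t in candidate_tests(records):
        left = [(r, y) for r, y in records if passes(r, t)]
        right = [(r, y) for r, y in records if not passes(r, t)]
        if not left or not right:
            continue
        n = len(records)
        gain = base - (len(left) / n * entropy([y for _, y in left])
                       + len(right) / n * entropy([y for _, y in right]))
        if gain > best_gain + 1e-12:
            best, best_gain = t, gain
    return best

def build_tree(records, depth=0, max_depth=6):
    """Tree = label (leaf) or (test, subtree_if_true, subtree_if_false)."""
    labels = [y for _, y in records]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or depth >= max_depth:
        return majority
    test = best_split(records)
    if test is None:
        return majority
    left = [(r, y) for r, y in records if passes(r, test)]
    right = [(r, y) for r, y in records if not passes(r, test)]
    return (test, build_tree(left, depth + 1, max_depth), build_tree(right, depth + 1, max_depth))

def classify(tree, rec):
    while isinstance(tree, tuple):
        test, yes, no = tree
        tree = yes if passes(rec, test) else no
    return tree

def evaluate(tree, labelled):
    """Confusion counts with 'attack' as the positive class."""
    out = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for rec, truth in labelled:
        pred = classify(tree, rec)
        key = ("t" if pred == truth else "f") + ("p" if pred == "attack" else "n")
        out[key] += 1
    return out

MODEL = build_tree(TRAIN)

# Constructed "new traffic" with ground truth, standing in for the campus capture.
NEW_TRAFFIC = [
    ({"proto": "tcp", "service": "http", "flag": "SF", "src_bytes": 512,  "count": 8},   "normal"),
    ({"proto": "tcp", "service": "ssh",  "flag": "S0", "src_bytes": 0,    "count": 250}, "attack"),
    ({"proto": "tcp", "service": "ftp",  "flag": "SF", "src_bytes": 9000, "count": 2},   "normal"),  # legit large upload
    ({"proto": "tcp", "service": "http", "flag": "SF", "src_bytes": 300,  "count": 70},  "normal"),
]

if __name__ == "__main__":
    print(MODEL)
    print(evaluate(MODEL, NEW_TRAFFIC))
```

On this training set the learner picks `count <= 77.5` at the root and `src_bytes <= 3300` below it; the legitimate 9000-byte FTP upload in the new traffic is therefore flagged, which is the characteristic anomaly-detection failure mode: the model rejects whatever the training data never showed as normal, so a training capture that is too narrow produces false positives on the live network.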
