Entropy based intrusion detection

An intrusion detection system (IDS) is an important component in protecting computer security. Most commercially available intrusion detection systems use signature-based rules to detect attacks. A serious defect of this approach is that it detects only attacks that have been seen previously; it cannot detect newly encountered attacks. To overcome this defect, various studies have applied data mining to detect newly encountered attacks automatically. Our research follows this approach. However, we propose the use of an entropy-based data mining method instead of the APRIORI-based association rule mining that is commonly used in previous research on intrusion detection. Because the results of APRIORI are noisy, post-processing of its results is necessary; the use of entropy alleviates this defect.
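The contrast drawn above, as an added illustration that is not the paper's own algorithm or code: entropy (here in the form of information gain, as used in decision-tree induction) ranks the audit attributes that best separate normal from attack records, yielding one ordered list, whereas a naive Apriori-style enumeration over the same records returns a set of frequent itemsets whose size grows as the support threshold is lowered and which must still be post-processed into rules. The connection records, the attribute names and the support thresholds are constructed for the example and are not taken from the paper or from any real trace.

```python
"""Entropy-based attribute ranking versus frequent-itemset enumeration
over a small set of constructed audit records (illustrative only)."""
from collections import Counter
from itertools import combinations
from math import log2

# Constructed connection records: (protocol, service, flag, label).
# Assumed feature names loosely follow DARPA-style connection summaries;
# the values are made up and are not real traffic.
RECORDS = [
    ("tcp", "http", "SF", "normal"),
    ("tcp", "http", "SF", "normal"),
    ("tcp", "smtp", "SF", "normal"),
    ("udp", "dns", "SF", "normal"),
    ("tcp", "ftp", "REJ", "normal"),
    ("tcp", "http", "S0", "attack"),
    ("tcp", "private", "S0", "attack"),
    ("tcp", "private", "REJ", "attack"),
    ("tcp", "http", "S0", "attack"),
    ("udp", "private", "S0", "attack"),
]
ATTRS = ("protocol", "service", "flag")


def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * log2(c / n) for c in Counter(labels).values())


def information_gain(records, attr_idx):
    """Reduction in label entropy obtained by splitting on one attribute."""
    labels = [r[-1] for r in records]
    n = len(records)
    conditional = 0.0
    for value in {r[attr_idx] for r in records}:
        subset = [r[-1] for r in records if r[attr_idx] == value]
        conditional += len(subset) / n * entropy(subset)
    return entropy(labels) - conditional


def rank_attributes(records=RECORDS):
    """Attributes ordered by information gain, most discriminating first."""
    gains = {ATTRS[i]: information_gain(records, i) for i in range(len(ATTRS))}
    return sorted(gains.items(), key=lambda kv: kv[1], reverse=True)


def frequent_itemsets(records=RECORDS, min_support=0.3):
    """Naive Apriori-style enumeration of attribute=value itemsets.

    Every itemset occurring in the records is a candidate; those whose
    support (fraction of records containing the itemset) meets the
    threshold are returned. The label column is deliberately excluded so
    the output shows the raw, unlabelled patterns an analyst would still
    have to turn into rules.
    """
    n = len(records)
    transactions = [
        frozenset(f"{ATTRS[i]}={r[i]}" for i in range(len(ATTRS))) for r in records
    ]
    result = {}
    for k in range(1, len(ATTRS) + 1):
        candidates = set()
        for tx in transactions:
            for combo in combinations(sorted(tx), k):
                candidates.add(frozenset(combo))
        for cand in candidates:
            support = sum(1 for tx in transactions if cand <= tx) / n
            if support >= min_support:
                result[cand] = support
    return result


if __name__ == "__main__":
    for name, gain in rank_attributes():
        print(f"{name:9s} information gain = {gain:.3f}")
    for threshold in (0.3, 0.2):
        print(f"min_support={threshold}: {len(frequent_itemsets(min_support=threshold))} frequent itemsets")
```

On this data the `flag` attribute carries the most information about the label, followed by `service`, while `protocol` carries none; the itemset count, by contrast, rises from 8 to more than twice that when the support threshold drops from 0.3 to 0.2, which is the noise the abstract refers to.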
