Rare Association Rule Mining for Network Intrusion Detection

Authors

  • Hyeok Kong
  • Cholyong Jong
  • Unhyok Ryang
Abstract

In this paper, we propose a new practical association rule mining algorithm for anomaly detection in Intrusion Detection Systems (IDS). First, because anomaly cases occur relatively rarely in a network packet database, we define a rare association rule among infrequent itemsets, rather than using the traditional association rule mining method. We then discuss an interest measure that captures the difference between interesting and uninteresting relations, and what that interest is, and develop a hash-based rare association rule mining algorithm for finding anomaly patterns that are rare but useful to the user. Finally, we define a quantitative association rule in a relational database, propose a practical algorithm to mine rare association rules from a network packet database, and show its advantages with a concrete example. Our algorithm can be applied to fields that need to mine hidden patterns which are rare but valuable, such as IDS. Because it is based on hashing among infrequent itemsets, it has obvious advantages over traditional association rule mining algorithms with respect to speed and memory space limitations.


Similar resources

Use of Genetic Algorithm with Fuzzy Class Association Rule Mining for Intrusion Detection

Today, Intrusion Detection Systems gain attention because of their ability to detect intrusions efficiently and effectively, as security is the major issue in networks. Such a system identifies attacks and reacts by generating alerts or blocking the unwanted data/traffic. Intrusion Detection System mainly classified as Anomaly based intrusion detection systems that have benefit of...


Finding Frequent Itemsets using Apriori Algorihm to Detect Intrusions in Large Dataset

With the growth of hacking and exploiting tools and the invention of new ways of intrusion, intrusion detection and prevention is becoming the major challenge in the world of network security. The increasing network traffic and data on the Internet is making this task more demanding. There are various approaches being utilized in intrusion detections, but unfortunately any of the systems so far is not ...


Reducing Network Intrusion Detection using Association rule and Classification algorithms

IDS (Intrusion Detection System) is an active and driving defense technology. This project mainly focuses on intrusion detection based on data mining. Data mining is to identify valid, novel, potentially useful, and ultimately understandable patterns in massive data. This project presents an approach to detect intrusion based on a data mining framework. Intrusion Detection System (IDS) is a popu...


Network Intrusion Detection Using Association Rules

Network intrusion detection includes identifying a set of malicious actions that compromise the integrity, confidentiality, and availability of information resources. The tremendous increase of novel cyber attacks has made data mining based intrusion detection techniques extremely useful in their detection. This paper describes a system that is able to detect network intrusion using association...


Mining Association Rules to Evade Network Intrusion in Network Audit Data

With the growth of hacking and exploiting tools and the invention of new ways of intrusion, intrusion detection and prevention is becoming the major challenge in the world of network security. The increasing network traffic and data on the Internet is making this task more demanding. There are various approaches being utilized in intrusion detections, but unfortunately any of the systems so far is not ...



Journal:
  • CoRR

Volume abs/1610.04306  Issue 

Pages  -

Publication date 2016