Developing custom intrusion detection filters using data mining - MILCOM 2000. 21st Century Military Communications Conference Proceedings
Authors
Abstract
One aspect of constructing secure networks is identifying unauthorized use of those networks. Intrusion Detection systems look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. However, normal operation often produces traffic that matches likely “attack signatures”, resulting in false alarms. We are using data mining techniques to identify sequences of alarms that likely result from normal behavior, enabling construction of filters to eliminate those alarms. This can be done at low cost for specific environments, enabling the construction of customized intrusion detection filters. We present our approach, and preliminary results identifying common sequences in alarms from a particular environment.
Similar references
Fuzzy Data Mining and Genetic Algorithms Applied to Intrusion Detection
We are developing a prototype intelligent intrusion detection system (IIDS) to demonstrate the effectiveness of data mining techniques that utilize fuzzy logic and genetic algorithms. This system combines both anomaly based intrusion detection using fuzzy data mining techniques and misuse detection using traditional rule-based expert system techniques. The anomaly-based components are developed...
Securing Cluster-heads in Wireless Sensor Networks by a Hybrid Intrusion Detection System Based on Data Mining
Cluster-based Wireless Sensor Networks (CWSNs) are a kind of WSN that, by avoiding long-distance communications, preserve the energy of nodes and are therefore attractive for related applications. The criticality of most WSN applications, together with their unattended nature, makes sensor nodes susceptible to many types of attacks. Based on this fact, it is clear that cluster heads (CHs) are ...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Survey of Network Intrusion Detection Using K-Mean Algorithm
Intrusion Detection Systems (IDS) must cope with novel or upgraded attack methods. Because many current IDSs are constructed by hand from professional knowledge, changes to IDSs are costly and slow. Intrusion detection techniques can be categorized into anomaly detection and misuse detection. Anomaly detection systems, for example, IDES Intrusion detection systems (IDS) process large am...