Datamining Based Stratified Intrusion Detection
Authors
Abstract
Intrusion detection systems focus on low-level attacks and only generate isolated alerts. They cannot find logical relations among alerts. In addition, IDS accuracy is low; many alerts are false alerts. So it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. To solve this problem, different intrusion scenario detection methods have been proposed. In this paper a data mining based clustering method is used to find the attack scenarios. Usually an attack consists of many steps, each of which generates corresponding alerts, so we call each step an attack scenario. In each step an attacker performs a task to reach a certain target. The alerts generated in each step can be used as the feature of the corresponding clustering approach.
Similar sources
Anomaly-based Intrusion Detection from Traffic Datamining on Internet Connections*
In this paper, we present a new datamining approach to generating frequent episode rules for the construction of anomaly-based, intrusion detection systems (IDS). These rules are derived from normal network traffic profiles. An anomaly is detected when the rule deviates significantly from the normal patterns. Three rule pruning techniques are devised to reduce the rule search space by 50-80%. T...
Effectively Generating Frequent Episode Rules for Anomaly-based Intrusion Detection*
Datamining is a useful tool for building classifiers to distinguish intrusive behavior from normal network traffic. In this paper, we provide new pruning techniques for the reduction of frequent episode rules to build anomaly-based intrusion detection systems (IDS). This reduction is crucial to use datamining for anomaly detection of unknown attacks. Otherwise, the rule search space may escalat...
Proactive Intrusion Defense Against DDoS Flooding Attacks: Adaptive Filtering with Security Datamining – The NetShield Approach at USC*
The NetShield security system was developed at USC to defend against network worms and flood attacks. The system prevents malicious hackers from orchestrating DDoS flooding attacks on any IP-based public network. This article presents new packet filtering and anomaly detection techniques developed with the NetShield system. All packets from each IP source are counted and timed during their life...
Anomaly Intrusion Detection by Internet Datamining of Traffic Episodes*
We present a new datamining approach to generating frequent episode rules for building anomaly-based, intrusion detection systems. The episode rules are generated to detect anomalous sequences of TCP, UDP, or ICMP connections, which deviate from normal traffic episodes. Rule pruning techniques are introduced to reduce the search space by 40-70%. The new method demonstrates its effectiveness in ...
Frequent Episode Rules for Intrusive Anomaly Detection with Internet Datamining*
We present a new datamining scheme for building anomaly-based intrusion detection systems (IDS) in a network environment. Frequent episode rules are generated for anomaly detection. Several rule-pruning laws are introduced to reduce the search space by up to 80% in anomaly detection. The new method demonstrates its effectiveness in detecting unknown network attacks embedded in traffic connection...
Publication date: 2011