Forensic Data Mining: Finding Intrusion Patterns in Evidentiary Data

Authors

  • Rayman D. Meservy
  • James V. Hansen
Abstract

The extensive growth of computing networks, and of the tools and tricks for intruding into and attacking them, has underscored the importance of intrusion detection in network security. Yet contemporary intrusion detection systems (IDS) are limited in that they typically employ a misuse detection strategy, searching for patterns of program or user behavior that match known intrusion scenarios, or signatures. Accordingly, there is a need for more robust and adaptive methods for designing and updating intrusion detection systems. One promising approach is the use of data mining methods for discovering intrusion patterns. Discovered patterns and profiles can be translated into classifiers for detecting deviations from normal usage patterns. Among promising mining methods are association rules, link analysis, and rule-induction algorithms. Our particular contribution is a unique approach to combining association rules with link analysis and a rule-induction algorithm to augment intrusion detection systems.


Similar references

A Review on Data Generation for Digital Forensic Investigation using Data Mining

Digital forensics is the part of forensic science that covers cyber crimes. In a cyber crime, the examination of digital forensic evidence requires special processes and techniques, both at the crime scene and in the examination of evidence accepted by law enforcement. Cyber crime involves log data and transactional data, which produces plenty of data for storage and a...


Data Mining for Security Applications

This is a summary of discussions at Workshop on Data Mining for Security Applications CCS’01, PA. In this document data mining takes a broad meaning which may, sometimes, include machine learning (ML) and artificial intelligence (AI). Furthermore, forensics and intrusion detection are interchangeable in some contexts. Please note it is beyond the scope of our discussions to provide better defin...


The Application of Intrusion Detection Systems in a Forensic Environment

Over the past three or four years there has been some controversy regarding the applicability of intrusion detection systems (IDS) to the forensic evidence collection process. Two points of view, essentially, have emerged. One perspective views forensic evidence collection and preservation in the case of a computer or network security incident to be inappropriate for an intrusion detection syst...


A Novel Similar Temporal System Call Pattern Mining for Efficient Intrusion Detection

Software security pattern mining is a recent research interest among researchers working in the areas of security and data mining. When an application runs, several processes and associated system calls are invoked in the background. In this paper, the major objective is to identify intrusions using temporal pattern mining. The idea is to find normal temporal system call patterns and use these p...


Finding Frequent Itemsets using Apriori Algorithm to Detect Intrusions in Large Dataset

With the growth of hacking and exploiting tools and the invention of new ways of intrusion, intrusion detection and prevention is becoming the major challenge in the world of network security. The increasing network traffic and data on the Internet is making this task more demanding. There are various approaches being utilized in intrusion detection, but unfortunately none of the systems so far is ...



Publication date: 2010