Fuzzy Frequent Episodes for Real-time Intrusion Detection

Authors

  • Jianxiong Luo
  • Susan M. Bridges
  • Rayford B. Vaughn

Abstract

Data mining methods including association rule mining and frequent episode mining have been applied to the intrusion detection problem. In other work, we have introduced modifications of these methods that mine fuzzy association rules and fuzzy frequent episodes and have described off-line methods that utilize these fuzzy methods for anomaly detection from audit data. In this paper we describe another extension that uses fuzzy frequent episodes for near real-time intrusion detection. We first define fuzzy frequent episodes and then describe experiments that explore their applicability for real-time intrusion detection. Experimental results indicate that fuzzy frequent episodes can provide effective approximate anomaly detection.

Similar resources

An Intrusion-Detection Model based on Fuzzy Frequent Episodes using Probability Distribution

Intrusion detection (IDS) is a computer based information system designed to collect information about malicious activities in a set of targeted IT resources, analyze the information and respond to a predefined security policy. This paper describes a fuzzy frequency episodes and probabilistic classification for detecting intrusions in a network. There are two main reasons for introducing fuzzy ...

INTEGRATING FUZZY LOGIC WITH DATA MINING METHODS FOR INTRUSION DETECTION By

This report explores integrating fuzzy logic with two data mining methods (association rules and frequency episodes) for intrusion detection. Data mining methods are capable of extracting patterns automatically from a large amount of data. The integration with fuzzy logic can produce more abstract and flexible patterns for intrusion detection, since many quantitative features are involved in in...

Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection

Lee, Stolfo, and Mok have previously reported the use of association rules and frequency episodes for mining audit data to gain knowledge for intrusion detection. The integration of association rules and frequency episodes with fuzzy logic can produce more abstract and flexible patterns for intrusion detection, since many quantitative features are involved in intrusion detection and security it...

Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach

Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...

Anomaly Intrusion Detection by Internet Datamining of Traffic Episodes*

We present a new datamining approach to generating frequent episode rules for building anomaly-based, intrusion detection systems. The episode rules are generated to detect anomalous sequences of TCP, UDP, or ICMP connections, which deviate from normal traffic episodes. Rule pruning techniques are introduced to reduce the search space by 40-70%. The new method demonstrates its effectiveness in ...

Publication date: 2001