DocumentCode
397890
Title
Adaptive intrusion detection with data mining
Author
Hossain, Mahmood ; Bridges, Susan M. ; Vaughn, Rayford B., Jr.
Author_Institution
Dept. of Comput. Sci. & Eng., Mississippi State Univ., MS, USA
Volume
4
fYear
2003
fDate
5-8 Oct. 2003
Firstpage
3097
Abstract
A major constraint of an anomaly-based intrusion detection system (IDS) lies in its inability to adapt to distinguish these changes from intrusive behavior. To overcome these obstacles, the normal profile must be updated at regular intervals. The naive approach of exhaustively recomputing the normal profile is often not viable and can incorporate patterns of intrusive behavior as normal. We address technical issues and present an adaptive data mining framework for anomaly detection. We employ a sliding window approach and use only the audit data inside that sliding window to update the profile. Instead of performing an exhaustive update, we use some heuristics to decide when to update. Experimental results using real network traffic data (containing simulated intrusion attacks) demonstrate the effectiveness of the proposed framework.
Keywords
adaptive systems; data mining; fuzzy set theory; heuristic programming; safety systems; security of data; user interfaces; adaptive data mining framework; anomaly-based intrusion detection system; audit data; fuzzy association; heuristics; intrusive behavior; real network traffic data; simulated intrusion attacks; sliding window approach; Association rules; Bridges; Buffer overflow; Computer science; Data mining; Databases; Floods; Intrusion detection; Laboratories; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Systems, Man and Cybernetics, 2003. IEEE International Conference on
ISSN
1062-922X
Print_ISBN
0-7803-7952-7
Type
conf
DOI
10.1109/ICSMC.2003.1244366
Filename
1244366