Data mining for intrusion detection

Author

Dihua, Liu ; Hongzhi, Wang ; Xiumei, Wang

Author_Institution

Dept. of Comput., Jilin Inst. of Technol., Changchun, China

Volume

5

fYear

2001

fDate

2001

Firstpage

7

Abstract

This paper presents an approach to detect intrusion based on a data mining framework. In the framework, intrusion detection is thought of as a classification. The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities. These rules can then be used for misuse detection and anomaly detection. We provide the results from experiments in using classification on real world traffic data

Keywords

auditing; authorisation; data mining; feature extraction; pattern classification; telecommunication security; anomaly detection; auditing programs; classification; data mining; feature extraction; host session; intrusion detection; misuse detection; network connection; network security; real world traffic data; Computer network reliability; Computer networks; Data mining; Data security; Expert systems; Humans; Information security; Intrusion detection; Monitoring; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Info-tech and Info-net, 2001. Proceedings. ICII 2001 - Beijing. 2001 International Conferences on

Conference_Location

Beijing

Print_ISBN

0-7803-7010-4

Type

conf

DOI

10.1109/ICII.2001.983486

Filename

983486