DocumentCode :
2348042
Title :
Towards data mining temporal patterns for anomaly intrusion detection systems
Author :
Sengupta, Sam ; Andriamanalimanana, Bruno ; Card, Stuart W. ; Kadam, Pradnya ; Ranwadkar, Saket ; Das, Kaustav ; Parikh, Sagar
Author_Institution :
Inst. of Technol., State Univ. of New York, Utica, NY
fYear :
2003
fDate :
8-10 Sept. 2003
Firstpage :
205
Lastpage :
209
Abstract :
A reasonably light-weight host and net-centric network IDS architecture model is indicated. The model is anomaly based on a state-driven notion of "anomaly". Therefore, the relevant distribution function need not remain constant; it could migrate from states to states without any a priori warning so long as its residency time at a next steady state is sufficiently long to make valid observations there. Only those intrusion events (basically DOS and DDOS variety) capable of triggering anomalous streams of attacks/response both near and/or far of target monitoring point(s) are considered at the first level of detection. At the next level of detection, the filtered states could be fine-combed in a batch mode to mine unacceptable strings of commands or known attack signatures.
Keywords :
computer crime; data mining; safety systems; DOS; anomaly detection; data mining; distribution function; intrusion detection system; network IDS architecture; temporal pattern; Data mining; Event detection; Information resources; Information technology; Internet; Intrusion detection; Monitoring; Protection; Telecommunication traffic; Traffic control;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 2003. Proceedings of the Second IEEE International Workshop on
Conference_Location :
Lviv
Print_ISBN :
0-7803-8138-6
Type :
conf
DOI :
10.1109/IDAACS.2003.1249550
Filename :
1249550