• DocumentCode
    2788388
  • Title

    Intrusion scenarios detection based on data mining

  • Author

    Ding, Yu-xin ; Wang, Hai-sen ; Liu, Qing-wei

  • Author_Institution
    Shenzhen Grad. Sch., Dept. of Comput. Sci. & Technol., Harbin Inst. of Technol., Harbin
  • Volume
    3
  • fYear
    2008
  • fDate
    12-15 July 2008
  • Firstpage
    1293
  • Lastpage
    1297
  • Abstract
    Traditional intrusion detection systems focus on low-level attacks and generate only isolated alerts. They can't find logical relations among alerts. In addition, IDS's accuracy is low, and a lot of alerts are false alerts. So it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. To solve this problem, different intrusion scenario detection methods have been proposed. In this paper, a data mining method is used to find the attack scenarios. First, redundant alerts are checked and deleted; then attack scenario patterns are mined using an associate-rule algorithm, which is an improved Apriori algorithm. These mined scenario patterns are used to find attack scenarios. In this paper, the 1999 DARPA intrusion detection scenario-specific datasets are used as the experimental data, and the corresponding results are shown. Compared with current scenario detection methods, which depend on human knowledge to define attack scenarios, our method uses data mining to find the scenarios automatically. Our experimental results demonstrate the potential of the proposed method.
  • Keywords
    data mining; security of data; 1999 DARPA; IDS; associate rule algorithms; data mining; human knowledge; improved Apriori algorithm; intrusion detection systems; intrusion response systems; intrusion scenarios detection; Computer science; Cybernetics; Data mining; Electronic mail; Filtering algorithms; Humans; Intrusion detection; Isolation technology; Machine learning; Redundancy; Data mining; Intrusion detection; Network; Scenario; security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Machine Learning and Cybernetics, 2008 International Conference on
  • Conference_Location
    Kunming
  • Print_ISBN
    978-1-4244-2095-7
  • Electronic_ISBN
    978-1-4244-2096-4
  • Type

    conf

  • DOI
    10.1109/ICMLC.2008.4620604
  • Filename
    4620604