Title :
Developing custom intrusion detection filters using data mining
Author :
Clifton, Chris ; Gengo, Gary
Author_Institution :
MITRE Corp., Bedford, MA, USA
Abstract :
One aspect of constructing secure networks is identifying unauthorized use of those networks. Intrusion detection systems look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. However, normal operation often produces traffic that matches likely “attack signatures”, resulting in false alarms. We are using data mining techniques to identify sequences of alarms that likely result from normal behavior, enabling construction of filters to eliminate those alarms. This can be done at a low cost for specific environments, enabling the construction of customized intrusion detection filters. We present our approach, and preliminary results identifying common sequences in alarms from a particular environment
Keywords :
alarm systems; data mining; military communication; safety systems; security of data; telecommunication security; telecommunication traffic; alarm sequences identification; attack signatures; custom intrusion detection filters; data mining; false alarms; intrusion detection systems; military network; network traffic patterns; secure networks; unauthorized activity; Bandwidth; Costs; Data mining; Face detection; Filters; Information filtering; Intrusion detection; Pattern matching; Robustness; Telecommunication traffic;
Conference_Titel :
MILCOM 2000. 21st Century Military Communications Conference Proceedings
Conference_Location :
Los Angeles, CA
Print_ISBN :
0-7803-6521-6
DOI :
10.1109/MILCOM.2000.904991
