• DocumentCode
    2894745
  • Title

    Developing custom intrusion detection filters using data mining

  • Author

    Clifton, Chris ; Gengo, Gary

  • Author_Institution
    MITRE Corp., Bedford, MA, USA
  • Volume
    1
  • fYear
    2000
  • fDate
    2000
  • Firstpage
    440
  • Abstract
    One aspect of constructing secure networks is identifying unauthorized use of those networks. Intrusion detection systems look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. However, normal operation often produces traffic that matches likely “attack signatures”, resulting in false alarms. We are using data mining techniques to identify sequences of alarms that likely result from normal behavior, enabling construction of filters to eliminate those alarms. This can be done at a low cost for specific environments, enabling the construction of customized intrusion detection filters. We present our approach, and preliminary results identifying common sequences in alarms from a particular environment.
  • Keywords
    alarm systems; data mining; military communication; safety systems; security of data; telecommunication security; telecommunication traffic; alarm sequences identification; attack signatures; custom intrusion detection filters; data mining; false alarms; intrusion detection systems; military network; network traffic patterns; secure networks; unauthorized activity; Bandwidth; Costs; Data mining; Face detection; Filters; Information filtering; Intrusion detection; Pattern matching; Robustness; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    MILCOM 2000. 21st Century Military Communications Conference Proceedings
  • Conference_Location
    Los Angeles, CA
  • Print_ISBN
    0-7803-6521-6
  • Type

    conf

  • DOI
    10.1109/MILCOM.2000.904991
  • Filename
    904991