Title :
Using data mining to discover signatures in network-based intrusion detection
Author :
Han, Hong ; Lu, Xian Liang ; Ren, Li Yong
Author_Institution :
Dept. of Comput. Sci., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
Abstract :
In network-based intrusion detection, signatures discovery is an important issue, since the performance of an intrusion detection system heavily depends on accuracy and abundance of signatures. In most cases, we have to find these signatures manually. This is a time-consuming and error-prone work. We present a data mining method based on an approach to support signature discovery in a network-based intrusion detection system, which generates signatures for a misuse detection intrusion detection system (IDS) not only depending on associations of attributes of the transfer protocol, but also on the content of traffic. Until now, no paper has studied how to mine content of traffic to generate signatures for an IDS. Our work allows people to find signatures of an intrusion easily and provides a third party IDS (for example, Snort) with candidate signatures. In order to discover signatures, we present an algorithm called Signature Apriori. An experimental system named SigSniffer has been implemented to test the feasibility of the proposed approach.
Keywords :
computer network management; data mining; security of data; SigSniffer; Signature Apriori; Snort; data mining; misuse detection; network-based intrusion detection; signatures discovery; traffic content; transfer protocol; Computer science; Data mining; Electronic mail; Intelligent networks; Intrusion detection; Monitoring; Operating systems; Protocols; System testing; Telecommunication traffic;
Conference_Titel :
Machine Learning and Cybernetics, 2002. Proceedings. 2002 International Conference on
Print_ISBN :
0-7803-7508-4
DOI :
10.1109/ICMLC.2002.1176698
