Open Access Open Access  Restricted Access Subscription or Fee Access

A Systematic Framework for Analyzing Audit Data and Constructing Network ID Models

G. Mohammed Nazer, Dr. A. Arul Lawrence Selvakumar


Intrusion detection system (IDSs) plays a vital role in
the infrastructure protection mechanisms and these systems have to be accurate, adaptive and extensible. As the requirements and the
complexities of today‟s network environment is becoming more and more, we need a more adaptive framework and automated IDS
development process. This article describes a systematic data mining framework for constructing intrusion detection models. We propose to use the association rules and frequent episodes collected from audit
data and to use these as basis for guiding the audit data gathering and feature selection processes. Our experiments on DARPA training audit data of network transmission activities showed that classification
models can detect intrusions automatically in a more accurate way. We modify the two basic algorithms to use axis attribute(s) and variable
attribute(s) to compute the relevant patterns. We use meta-learning as a mechanism to make IDs models more effective and adaptive. We report our experiment‟s results in using our framework on real-world audit data.


Intrusion Detection, Classification, Audit Data, Association Rules, Frequent Episodes.

Full Text:



G. Mohammed Nazer and A.Arul Lawrence Selvakumar. Current

Intrusion Detection Techniques in Information Technology- A Detailed

Analysis, European Journal of Scientific Research, Vol. 65, No. 4, pages

-624, November 2011.

Teresa F. Lunt. Detecting intruders in computer systems. In Proceedings

of the 1993 Conference on Auditing and Computer Technology, 1993.

K. Ilgun, R. A. Kemmerer and P. A. Porras. State transition analysis: A

rule-based intrusion detection approach. IEEE Transactions on Software

Engineering, 21(3): 181-199, March 1995.

S. Kumar and E. H. Spafford. A software architecture to support misuse

intrusion detection. In Proceedings of the 18th National Information

Security Conference, Pages 194-204, 1995.

W. Lee and S. J. Stolfo. Data mining approaches for intrusion detection.

In Proceedings of the 7th USENIX Security Symposium, San Antonio,

TX, January 1998.

P.K. Chan and S. J. Stolfo. Toward parallel and distributed learning by

meta-learning. In AAAI Workshop in Knowledge Discovery in

Databases, pp 227-240, 1993.

R. Agrawal, T. Imielinski and A. Swami. Mining association rules

between sets of items in large databases. In Proceedings of the ACM

SIGMOD Conference on Management of Data, pp 207-216, 1993.

H. Mannila, H. Toivonen and A. I. Verkamo. Discovering frequent

episodes in sequences. In Proceedings of the First International

Conference on Knowledge Discovery in Databases and Data Mining,

Montreal, Canada, August 1995.

G. Mohammed Nazer and A.Arul Lawrence Selvakumar. Intelligent Data

Mining Techniques for Intrusion Detection Models on Network,

European Journal of Scientific Research, Vol. 71, No. 1, pages 36-45,

February 2012.

W. W. Cohen. Fast effective rule induction in Machine Learning, The

th International Conference, Lake Taho, CA, 1995.

Tom Fawcett and Foster Provost. Adaptive fraud detection, Data Mining

and Knowledge Discovery, 1 pp:291-316, 1997

M. Klemettinen, H. Mannila, P. Ronkainen, H. Toivonen and A.I.

Verkamo. Finding interesting rules from large sets of discovered

association rules. In Proceedings of the Third International Conference on

Information and Knowledge Management (CIKM‟94), pages 401-407,

Gainthersburg, MD, 1994.

R. Srikant, Q. Vu and R. Agarwal. Mining association rules with item

constraints. In Proceedings of the 3rd International Conference on

Knowledge Discovery and Data Mining, pages 67-73, Newport Beach,

California, August 1997, AAAI Press.

J. Han and Y. Fu. Discovery of multiple-level association rules from large

databases. In Proceedings of the 21th VLDB Conference, Zurich,

Switzerland, 1995.

S. Forrest, S. A. Hofmeyr, A. Somayaji and T.A. Longstaff. A sense of

self for unix process. In Proceedings of the 1996 IEEE Symposium on

Security and Privacy, pages 120-128, Los Alamitos, CA, 1996. IEEE

Computer Society Press

T. lane and C.E. Brodley. Sequence matching and learning in anomaly

detection for computer security. In AAAI Workshop, AI Approaches to

Fraud Detection and Risk Management, Pages 43-49, AAAI Press.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.