A Systematic Framework for Analyzing Audit Data and Constructing Network ID Models
Intrusion detection systems (IDSs) play a vital role in infrastructure protection mechanisms, and these systems have to be accurate, adaptive and extensible. As the requirements and complexity of today's network environments keep growing, a more adaptive framework and an automated IDS development process are needed. This article describes a systematic data mining framework for constructing intrusion detection models. We propose to use association rules and frequent episodes mined from audit data as the basis for guiding the audit data gathering and feature selection processes. Our experiments on DARPA training audit data of network transmission activities showed that the resulting classification models can detect intrusions automatically and more accurately. We modify the two basic mining algorithms (association rules and frequent episodes) to use axis attribute(s) and variable attribute(s) so that only the relevant patterns are computed. We use meta-learning as a mechanism to make ID models more effective and adaptive. We report the results of our experiments in applying the framework to real-world audit data.
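The following is an added illustration of the mining-then-feature-construction loop the abstract describes; it is not code from the paper or its authors. It assumes a small set of constructed connection records (not DARPA data), takes `service` as the axis attribute that every mined itemset and episode must contain, pairs it with `flag` to form episode event types, anchors each episode window at a record ([t, t+w)) as a simplification of sliding windows, and derives the "same service in the last w seconds" features that a frequent same-service episode suggests. All of those choices are assumptions made for the example.

```python
"""Axis-constrained association and frequent-episode mining over connection
records, then feature construction from the mined patterns.  Added example,
not code from the paper; the audit records below are constructed."""
from itertools import combinations

FIELDS = ("src", "dst", "service", "flag")

# Constructed connection records (timestamp in seconds, then FIELDS).
# Not DARPA data: a burst of half-open HTTP connections plus normal traffic.
AUDIT = [
    (0.0, "10.0.0.5", "10.0.0.9", "http", "S0"),
    (0.5, "10.0.0.5", "10.0.0.9", "http", "S0"),
    (1.0, "10.0.0.5", "10.0.0.9", "http", "S0"),
    (1.5, "10.0.0.5", "10.0.0.9", "http", "S0"),
    (2.0, "10.0.0.7", "10.0.0.9", "smtp", "SF"),
    (6.0, "10.0.0.5", "10.0.0.9", "http", "S0"),
    (6.5, "10.0.0.5", "10.0.0.9", "http", "S0"),
    (7.0, "10.0.0.5", "10.0.0.9", "http", "S0"),
    (12.0, "10.0.0.8", "10.0.0.9", "ftp", "SF"),
    (13.0, "10.0.0.8", "10.0.0.9", "ftp", "SF"),
]


def to_items(record):
    """Turn one record into (timestamp, [(attribute, value), ...])."""
    return record[0], list(zip(FIELDS, record[1:]))


def mine_associations(records, axis, min_sup, max_len=3):
    """Frequent itemsets (size 2..max_len) that contain the axis attribute.
    Support = fraction of records containing the itemset."""
    counts = {}
    for rec in records:
        _, items = to_items(rec)
        for k in range(2, max_len + 1):
            for combo in combinations(items, k):
                if any(attr == axis for attr, _ in combo):  # axis constraint
                    key = frozenset(combo)
                    counts[key] = counts.get(key, 0) + 1
    n = len(records)
    return {s: c / n for s, c in counts.items() if c / n >= min_sup}


def event_type(record, keep):
    """Project a record onto the attributes that define an event type."""
    _, items = to_items(record)
    return tuple((a, v) for a, v in items if a in keep)


def mine_episodes(records, axis, other, window, min_sup):
    """Serial episodes A -> B (A strictly before B) whose event types are
    the axis attribute plus one other attribute, within `window` seconds.
    Windows are anchored at each record ([t, t+window)), an assumed
    simplification of sliding windows.  Returns {(A, B): (support, conf)}."""
    recs = sorted(records, key=lambda r: r[0])
    types = [event_type(r, (axis, other)) for r in recs]
    n = len(recs)
    single, pair = {}, {}
    for i in range(n):
        start = recs[i][0]
        idx = [j for j in range(i, n) if recs[j][0] < start + window]
        for t in {types[j] for j in idx}:
            single[t] = single.get(t, 0) + 1
        for p in {(types[a], types[b]) for a in idx for b in idx if a < b}:
            pair[p] = pair.get(p, 0) + 1
    out = {}
    for (a, b), c in pair.items():
        sup = c / n
        if sup >= min_sup:
            out[(a, b)] = (sup, sup / (single[a] / n))  # conf = sup(AB)/sup(A)
    return out


def temporal_features(records, window):
    """Per-record features suggested by a same-service episode: number of
    connections to the same service in the previous `window` seconds
    (including this one) and the fraction of those with flag S0."""
    recs = sorted(records, key=lambda r: r[0])
    feats = []
    for i, (ts, _, _, svc, _) in enumerate(recs):
        same = [r for r in recs[: i + 1] if r[3] == svc and r[0] > ts - window]
        s0 = sum(1 for r in same if r[4] == "S0")
        feats.append((len(same), s0 / len(same)))
    return feats


if __name__ == "__main__":
    for s, sup in sorted(mine_associations(AUDIT, "service", 0.5).items(), key=str):
        print(f"{sup:.2f}  {sorted(s)}")
    for ep, (sup, conf) in mine_episodes(AUDIT, "service", "flag", 2.0, 0.3).items():
        print(f"sup={sup:.2f} conf={conf:.2f}  {ep[0]} -> {ep[1]}")
    print(temporal_features(AUDIT, 2.0))
```

On the constructed records the only episodes that pass a 0.3 support threshold are the repeated half-open HTTP connections and HTTP followed by SMTP; the former is what motivates adding the per-service count and S0-rate features, which the burst records then score high on while the SMTP and FTP records do not. Without the axis constraint the same run would also report itemsets such as {src, dst} that say nothing about the service being attacked.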
This work is licensed under a Creative Commons Attribution 3.0 License.