TOWARDS DATA MINING TEMPORAL PATTERNS FOR ANOMALY INTRUSION DETECTION SYSTEMS
DOI: https://doi.org/10.47839/ijc.2.2.205

Keywords: IDS, Anomaly detection, DOS, DDOS, NIDS

Abstract
A reasonably light-weight host- and net-centric Network IDS architecture model is indicated. The model is anomaly based, with a state-driven notion of “anomaly”. Therefore, the relevant distribution function need not remain constant; it could migrate from state to state without any a priori warning, so long as its residency time at the next steady state is sufficiently long to make valid observations there. Only those intrusion events (basically of the DOS and DDOS variety) capable of triggering anomalous streams of attacks/responses both near and/or far from the target monitoring point(s) are considered at the first level of detection. At the next level of detection, the filtered states could be fine-combed in batch mode to mine unacceptable strings of commands or known attack signatures.
License
International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.