TOWARDS DATA MINING TEMPORAL PATTERNS FOR ANOMALY INTRUSION DETECTION SYSTEMS

Authors

  • Sam Sengupta
  • Bruno Andriamanalimanana
  • Stuart W. Card
  • Pradnya Kadam
  • Saket Ranwadkar
  • Kaustav Das
  • Sagar Parikh

DOI:

https://doi.org/10.47839/ijc.2.2.205

Keywords:

IDS, Anomaly detection, DOS, DDOS, NIDS

Abstract

A reasonably lightweight, host- and net-centric network IDS architecture model is indicated. The model is anomaly-based, built on a state-driven notion of “anomaly”. The relevant distribution function therefore need not remain constant; it may migrate from state to state without any a priori warning, so long as its residency time at the next steady state is long enough for valid observations to be made there. Only those intrusion events (basically of the DoS and DDoS variety) capable of triggering anomalous streams of attacks and responses, both near and/or far from the target monitoring point(s), are considered at the first level of detection. At the next level of detection, the filtered states can be fine-combed in batch mode to mine unacceptable strings of commands or known attack signatures.
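The two-level scheme sketched in the abstract can be illustrated with a small Python model. This is an added example, not code from the paper or its authors: level 1 watches one scalar (a per-interval packet rate) against the current steady-state distribution and lets the baseline migrate to a new state only after the excursion has persisted for a residency period, reporting shorter excursions as flood-like anomalies; level 2 batch-mines the event strings captured during flagged intervals for recurring n-grams and for known bad sequences. The window size, residency, z-score threshold, signature table, traffic rates and session strings are all constructed assumptions.

```python
"""Two-level, state-driven anomaly detection sketch (added example, not the
paper's code). Level 1 watches a per-interval packet rate and lets the
baseline migrate to a new steady state only after a residency period;
level 2 batch-mines the event sequences captured in flagged intervals.
Window, residency, k, the signature table and all traffic are constructed."""
from collections import Counter, deque
from statistics import mean, pstdev


class StateDrivenRateDetector:
    """Level 1: online check of one scalar (e.g. packets/s per interval)
    against the current steady-state distribution, summarised by the mean
    and standard deviation of the last `window` accepted samples."""

    def __init__(self, window=20, residency=10, k=4.0):
        self.window = window          # samples kept for the current steady state
        self.residency = residency    # consecutive out-of-state samples needed to accept a new state
        self.k = k                    # z-score threshold for "outside the state"
        self.baseline = deque(maxlen=window)
        self.candidate = []           # consecutive samples that do not fit the baseline

    def observe(self, rate):
        """Return 'normal', 'anomaly' or 'new_state' for one interval."""
        if len(self.baseline) < self.residency:
            # warm-up: not enough samples yet to describe the state
            self.baseline.append(rate)
            return "normal"
        mu = mean(self.baseline)
        sd = pstdev(self.baseline) or 1.0   # floor so a flat baseline cannot flag everything
        if abs(rate - mu) <= self.k * sd:
            self.candidate.clear()
            self.baseline.append(rate)
            return "normal"
        self.candidate.append(rate)
        if len(self.candidate) >= self.residency:
            # the excursion has persisted: treat it as the next steady state, not an attack
            self.baseline = deque(self.candidate, maxlen=self.window)
            self.candidate = []
            return "new_state"
        return "anomaly"   # short excursion relative to the current state: flood-like burst


# Constructed signature table: ordered event strings considered unacceptable.
KNOWN_BAD_SEQUENCES = {
    ("USER", "PASS", "PASS", "PASS"): "repeated-password-failure",
    ("SYN", "SYN", "SYN", "SYN"): "syn-burst",
}


def contains(seq, pattern):
    """True if `pattern` occurs as a contiguous run inside `seq`."""
    n = len(pattern)
    return any(tuple(seq[i:i + n]) == pattern for i in range(len(seq) - n + 1))


def mine_flagged_sessions(sessions, n=3, min_support=2):
    """Level 2: batch pass over the event strings captured during flagged
    intervals. Support is counted per session (each session contributes an
    n-gram at most once), as in sequence mining; contiguous n-grams stand in
    for the general subsequences of SPADE. Returns (frequent n-grams, hits)."""
    support = Counter()
    for seq in sessions:
        support.update({tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)})
    frequent = {g: c for g, c in support.items() if c >= min_support}
    hits = [(idx, name) for idx, seq in enumerate(sessions)
            for pattern, name in KNOWN_BAD_SEQUENCES.items() if contains(seq, pattern)]
    return frequent, hits


SAMPLE_RATES = (   # constructed packets/s per monitoring interval
    [100, 102, 98, 101, 99, 103, 97, 100, 104, 96,
     101, 99, 100, 102, 98, 100, 101, 99, 103, 97]   # steady state A (~100 pkt/s)
    + [900, 950, 880]                                 # 3-interval flood: too short to be a state
    + [100, 99]                                       # back to A
    + [300, 305, 298, 302, 299, 301, 297, 303, 300, 304, 296, 302]  # sustained shift to state B
)

FLAGGED_SESSIONS = [   # constructed event strings captured during flagged intervals
    ["SYN", "SYN", "SYN", "SYN", "RST"],
    ["USER", "PASS", "PASS", "PASS", "QUIT"],
    ["SYN", "SYN", "SYN", "ACK"],
    ["USER", "PASS", "PASS", "PASS", "PASS"],
]


def run_demo():
    """Run level 1 over the sample rates and level 2 over the flagged sessions."""
    det = StateDrivenRateDetector(window=20, residency=10, k=4.0)
    labels = [det.observe(r) for r in SAMPLE_RATES]
    frequent, hits = mine_flagged_sessions(FLAGGED_SESSIONS)
    return labels, frequent, hits


if __name__ == "__main__":
    labels, frequent, hits = run_demo()
    for i, (r, l) in enumerate(zip(SAMPLE_RATES, labels)):
        if l != "normal":
            print(f"interval {i:2d} rate {r:4d} -> {l}")
    print("frequent n-grams:", frequent)
    print("signature hits:", hits)
```

On the sample traffic the three-interval flood is reported as three anomalies, while the shift to ~300 pkt/s is reported as anomalies for nine intervals and then accepted as a new steady state, after which the detector re-baselines. The caveat a practitioner should keep in mind is the flip side of the model: a flood sustained longer than the residency time, or a slowly ramping attack, is absorbed as the "next steady state", so the residency parameter has to be chosen against the attack durations one expects, and the level-2 batch mining should be run over `new_state` transitions as well as over plain anomalies.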

References

Wenke Lee, Salvatore J. Stolfo, Philip K. Chan, Eleazar Eskin, Wei Fan, Matthew Miller, Shlomo Hershkop, Junxin Zhang. Real Time Data Mining-based Intrusion Detection. Proc. Second DARPA Information Survivability Conference and Exposition (DISCEX II), 2001.

Eleazar Eskin, Matthew Miller, Zhi-Da Zhong, George Yi, Wei-Ang Lee, Salvatore Stolfo. Adaptive Model Generation for Intrusion Detection Systems. Proceedings of the ACM CCS Workshop on Intrusion Detection and Prevention, Athens, Greece, 2000.

Vern Paxson. Bro: A system for detecting network intruders in real-time. In Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, 1998.

K. Ilgun, R. A. Kemmerer, P. A. Porras. State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering 21 (3), March 1995, pp. 181-199.

Sam Sengupta, Bruno Andriamanalimanana. Model abstractions for real-time network environment. Proceedings of SPIE, Vol. 4026, April 2000. pp. 212-220.

Sam Sengupta, Bruno Andriamanalimanana. Domain-size constraint on real-time model abstractions. Proceedings of SPIE, Vol. 4367, April 2001.

Mohammed J. Zaki. SPADE: An Efficient Algorithm for Mining Frequent Sequences. Machine Learning Journal, special issue on Unsupervised Learning (Doug Fisher, ed.), Vol. 42, Nos. 1/2, Jan/Feb 2001, pp. 31-60.

SPICE, a product of Silicon Defense. http://www.silicondefense.com/spice

Jack Koziol. Intrusion Detection with Snort. Sams Publishing, 2003.

Published

2014-08-01

How to Cite

Sengupta, S., Andriamanalimanana, B., Card, S. W., Kadam, P., Ranwadkar, S., Das, K., & Parikh, S. (2014). TOWARDS DATA MINING TEMPORAL PATTERNS FOR ANOMALY INTRUSION DETECTION SYSTEMS. International Journal of Computing, 2(2), 52-57. https://doi.org/10.47839/ijc.2.2.205

Section

Articles