DocumentCode :
2142361
Title :
A real-time network intrusion detection system based on incremental mining approach
Author :
Su, Ming-Yang ; Chang, Kai-Chi ; Wei, Hua-Fu ; Lin, Chun-Yuen
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Ming Chuan Univ., Taoyuan
fYear :
2008
fDate :
17-20 June 2008
Firstpage :
179
Lastpage :
184
Abstract :
The fuzzy association rule has been proven to be effective to present users' network behavior offline from a huge amount of collected packets. However, not only effectiveness, efficiency is important as well for Network Intrusion Detection Systems (NIDSs). None of those proposed NIDSs subject to fuzzy association rule can meet the real-time requirement because they all applied static mining approach. In the paper, we propose a real-time NIDS by incremental mining for fuzzy association rules. By consistently comparing the two rule sets, one mined from online packets and the other mined from training attack free packets, our system can make a decision per time unit, 2 seconds in the paper. Experiments have been done to demonstrate its excellent effectiveness and efficiency of the system.
Keywords :
data mining; fuzzy set theory; real-time systems; security of data; fuzzy association rule; incremental mining approach; real-time network intrusion detection system; static mining; Artificial intelligence; Association rules; Computer science; Data mining; Electronic mail; IP networks; Information analysis; Internet; Intrusion detection; Real time systems; Anomaly-based NIDS; Association Rules; Fuzzy Association Rules; Incremental Mining; Network Security; Online Mining; Real-Time NIDS;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Intelligence and Security Informatics, 2008. ISI 2008. IEEE International Conference on
Conference_Location :
Taipei
Print_ISBN :
978-1-4244-2414-6
Electronic_ISBN :
978-1-4244-2415-3
Type :
conf
DOI :
10.1109/ISI.2008.4565050
Filename :
4565050