• DocumentCode
    2235596
  • Title

    Implementation of sequence patterns mining in network intrusion detection system

  • Author

    Xiang-Rong, Yang ; Qin-bao, Song ; Jun-Yi, Shen

  • Author_Institution
    Dept. of Comput. Sci. & Technol., Xi'an Jiaotong Univ., China
  • Volume
    5
  • fYear
    2001
  • fDate
    2001
  • Firstpage
    19
  • Abstract
    In this paper we present a frequent sequence pattern mining-based algorithm for network intrusion detection, which is an application and extension of the SPADE algorithm. It is based on the idea that much behavior on the network appears as sequences of activities. According to the sequence patterns we compute, we can construct the intrusion rule base and the legal action rule base, and then detect known and novel intrusion activities by rule matching. In addition, while the system is running, we use an incremental sequence pattern mining algorithm to complement the rule library, which avoids re-executing the algorithm on the entire dataset and thereby reduces execution time. The experimental results indicate that this algorithm is efficient enough to meet the needs of active intrusion detection. Compared with most existing methods used in commercial systems, which are built using purely knowledge engineering approaches, our algorithm is more intelligent and adaptive.
  • Keywords
    authorisation; computer network management; data mining; telecommunication security; SPADE algorithm; active detection; computer information security; incremental sequence pattern mining; intrusion rule base; legal action rule base; network intrusion detection; rule matching; Application software; Change detection algorithms; Computer networks; Computer science; Information security; Intrusion detection; Knowledge engineering; Law; Legal factors; Transaction databases;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Info-tech and Info-net, 2001. Proceedings. ICII 2001 - Beijing. 2001 International Conferences on
  • Conference_Location
    Beijing
  • Print_ISBN
    0-7803-7010-4
  • Type

    conf

  • DOI
    10.1109/ICII.2001.983488
  • Filename
    983488