Title : 
Intrusion scenarios detection based on data mining
         
        
            Author : 
Ding, Yu-xin ; Wang, Hai-sen ; Liu, Qing-wei
         
        
            Author_Institution : 
Shenzhen Grad. Sch., Dept. of Comput. Sci. & Technol., Harbin Inst. of Technol., Harbin
         
        
        
        
        
        
        
            Abstract : 
Traditional intrusion detection systems focus on low-level attacks and only generate isolated alerts. They can't find logical relations among alerts. In addition, IDS's accuracy is low, and a lot of alerts are false alerts. So it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. To solve this problem, different intrusion scenario detection methods have been proposed. In this paper a data mining method is used to find the attack scenarios. First, redundant alerts are checked and deleted; then attack scenario patterns are mined using an associate-rule algorithm, which is an improved Apriori algorithm. These mined scenario patterns are used to find attack scenarios. In this paper, the 1999 DARPA intrusion detection scenario-specific datasets are used as the experimental data, and the corresponding results are shown. Compared with current scenario detection methods, which depend on human knowledge to define attack scenarios, our method uses data mining to find the scenarios automatically. Our experimental results demonstrate the potential of the proposed method.
         
        
            Keywords : 
data mining; security of data; 1999 DARPA; IDS; associate rule algorithms; human knowledge; improved Apriori algorithm; intrusion detection systems; intrusion response systems; intrusion scenarios detection; Computer science; Cybernetics; Electronic mail; Filtering algorithms; Humans; Intrusion detection; Isolation technology; Machine learning; Redundancy; Network; Scenario; security
         
        
        
        
            Conference_Title : 
Machine Learning and Cybernetics, 2008 International Conference on
         
        
            Conference_Location : 
Kunming
         
        
            Print_ISBN : 
978-1-4244-2095-7
         
        
            Electronic_ISBN : 
978-1-4244-2096-4
         
        
        
            DOI : 
10.1109/ICMLC.2008.4620604