Abstract :
Anomaly detection in IP networks, detection of deviations from what is considered normal, is an important complement to misuse detection based on known attack descriptions. Anomaly detection is at present time often implemented to some extent in available intrusion detection products. Still much effort is spent on anomaly detection research and many problems remains to be explored. Performing anomaly detection in real-time places hard requirements on the algorithms used. First, to deal with the massive data volumes one needs to have efficient data structures and indexing mechanisms. Secondly, the dynamic nature of today´s information networks makes the characterization of normal requests and services difficult. What is considered as normal during some time interval may be classified as abnormal in a new context, and vice versa. These factors make many proposed data mining techniques less suitable for real-time intrusion detection. ADWICE (anomaly detection with fast incremental clustering) uses incremental clustering and an integrated grid-based index to implement fast, scalable and adaptive anomaly detection.
Keywords :
IP networks; data mining; information networks; security of data; IP networks; attack descriptions; data mining; data structures; incremental clustering; information networks; integrated grid-based index; real-time intrusion detection; Collaborative work; Conferences; Data mining; Data structures; IP networks; Indexing; International collaboration; Intrusion detection; Laboratories; Real time systems;
