DocumentCode :
3448803
Title :
An architecture for mining the Egyptian e-government network traffic for intrusion detection
Author :
Riad, A.M. ; Fahmy, Mervat M. ; El-Sharkawy, M.A.
Author_Institution :
Fac. of Comput. & Inf. Sci., Mansoura Univ.
fYear :
2005
fDate :
5-6 Dec. 2005
Firstpage :
593
Lastpage :
605
Abstract :
This paper presents MEGNTID, an architecture for mining the Egyptian e-government network traffic for intrusion detection. This architecture adapts a layering approach to detect intrusions, where known attacks are detected at a global layer defined for the Egyptian e-government network (EEGN) as a whole and normal behavior is filtered out at a local layer defined for each ministry's site. Clustering is used to focus the analysis on the remaining suspicious activity and identify whether it represents new intrusive or normal behavior. This architecture is intended to detect intrusions in real time, achieve low false alarm rates, and continuously adapt to environment changes and the emergence of new intrusive behavior. The implementation plan is discussed at the end of the paper.
Keywords :
government; security of data; telecommunication traffic; Egyptian e-government network traffic; MEGNTID; false alarm rates; intrusion detection; Computer networks; Computerized monitoring; Data analysis; Data mining; Electronic government; Event detection; Intrusion detection; Protection; Scalability; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information and Communications Technology, 2005. Enabling Technologies for the New Knowledge Society: ITI 3rd International Conference on
Conference_Location :
Cairo
Print_ISBN :
0-7803-9270-1
Type :
conf
DOI :
10.1109/ITICT.2005.1609654
Filename :
1609654