Title :
Adaptive intrusion detection with data mining
Author :
Hossain, Mahmood ; Bridges, Susan M. ; Vaughn, Rayford B., Jr.
Author_Institution :
Dept. of Comput. Sci. & Eng., Mississippi State Univ., MS, USA
Abstract :
A major constraint of an anomaly-based intrusion detection system (IDS) lies in its inability to adapt to distinguish these changes from intrusive behavior. To overcome these obstacles, the normal profile must be updated at regular intervals. The naive approach of exhaustively recomputing the normal profile is often not viable and can incorporate patterns of intrusive behavior as normal. We address technical issues and present an adaptive data mining framework for anomaly detection. We employ a sliding window approach and use only the audit data inside that sliding window to update the profile. Instead of performing an exhaustive update, we use some heuristics to decide when to update. Experimental results using real network traffic data (containing simulated intrusion attacks) demonstrate the effectiveness of the proposed framework.
Keywords :
adaptive systems; data mining; fuzzy set theory; heuristic programming; safety systems; security of data; user interfaces; adaptive data mining framework; anomaly-based intrusion detection system; audit data; fuzzy association; heuristics; intrusive behavior; real network traffic data; simulated intrusion attacks; sliding window approach; Association rules; Bridges; Buffer overflow; Computer science; Data mining; Databases; Floods; Intrusion detection; Laboratories; Telecommunication traffic;
Conference_Title :
Systems, Man and Cybernetics, 2003. IEEE International Conference on
Print_ISBN :
0-7803-7952-7
DOI :
10.1109/ICSMC.2003.1244366