DocumentCode
3207440
Title
Data stream mining architecture for network intrusion detection
Author
Chu, Nelson C N ; Williams, Adepele ; Alhajj, Reda ; Barker, Ken
Author_Institution
Dept. of Comput. Sci., Calgary Univ., Alta., Canada
fYear
2004
fDate
8-10 Nov. 2004
Firstpage
363
Lastpage
368
Abstract
In this paper, we propose a stream mining architecture which is based on a single-pass approach. Our approach can be used to develop efficient, effective, and active intrusion detection mechanisms which satisfy the near real-time requirements of processing data streams on a network with minimal overhead. The key idea is that new patterns can now be detected on-the-fly. They are flagged as network attacks or labeled as normal traffic, based on the current network trend, thus reducing the false alarm rates prevalent in active network intrusion systems and increasing the low detection rate which characterizes passive approaches.
Keywords
computer networks; data mining; security of data; telecommunication security; active network intrusion detection systems; data stream mining architecture; false alarm rates; network attacks; single-pass approach; Availability; Computer architecture; Computer networks; Computer science; Computerized monitoring; Data mining; Information resources; Intrusion detection; Telecommunication traffic; Telephony;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Reuse and Integration, 2004. IRI 2004. Proceedings of the 2004 IEEE International Conference on
Print_ISBN
0-7803-8819-4
Type
conf
DOI
10.1109/IRI.2004.1431488
Filename
1431488