Most existing commercial Network Intrusion Detection System (NIDS) products are signature-based but not adaptive. In this paper, an adaptive NIDS using data mining technology is developed. Data mining approaches are used to accurately capture the actual behaviour of network traffic, and the mined portfolio is useful for differentiating 'normal' and 'attack' traffic. Moreover, whereas most current research uses only one engine to detect various attacks, the proposed system, which is constructed from a number of agents, is totally different in both its training and detection processes. Each agent has its own strength in capturing one kind of network behaviour, and hence the system is strong at detecting different types of attack. In addition, its ability to detect new types of attack and its higher tolerance to fluctuations were shown. The experimental results showed that the frequent patterns mined from the audit data could be used as reliable agents, which outperformed the traditional signature-based NIDS.