Adaptive Intrusion Detection: A Data Mining Approach
Artificial Intelligence Review - Issues on the application of data mining
Discovery of Frequent Episodes in Event Sequences
Data Mining and Knowledge Discovery
Frequent Episode Rules for Internet Anomaly Detection
NCA '04 Proceedings of the Network Computing and Applications, Third IEEE International Symposium
Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes
IEEE Transactions on Dependable and Secure Computing
| Hi-index | 0.00 |
The type of Probe/Exploit (hacking) intrusion can be regarded as a series of relevant actions that are occurred in some sequence. In frequent episodes mining, data is viewed as a sequence of events, where each event has an associated time of occurrence. So the mining technique has significant effect on discovering sophisticated Probe/Exploit intrusion attacks. Prior to deadly attacks to the victim computers, hackers must gather information about the victims and transfer instructions or files to the victims. The proposed method can be used to discover such abnormal episodes from the log files of honeypot systems. The proposed method can be applied to discover known or unknown attack episodes for any network services. In this paper, we focus on discovering attack episodes for SMB (Server Message Block) protocol, which is the most important one for Microsoft's Windows Network. In the experiment, we successfully mined out a sophisticated intrusion episode. The proposed method can easily be modified to protect other network services.