Intrusion detection systems (IDS) have played an important role as a device to defend our networks from cyber attacks. However, since they still have difficulty detecting an unknown attack, i.e., a 0-day attack, the ultimate challenge in the intrusion detection field is how to exactly identify such an attack. This paper presents a novel approach that is quite different from the traditional detection models based on raw traffic data. The proposed method can extract unknown activities from IDS alerts by applying a data mining technique. We evaluated our method over the log data of an IDS deployed at Kyoto University, and our experimental results show that it can extract unknown (or under-development) attacks from IDS alerts by assigning each alert a score that reflects how anomalous it is and by visualizing the scored alerts.