Discovering emerging patterns for anomaly detection in network connection data

Authors:
Michelangelo Ceci;Annalisa Appice;Costantina Caruso;Donato Malerba
Affiliations:
Dipartimento di Informatica, Università degli Studi di Bari, Bari, Italy;Dipartimento di Informatica, Università degli Studi di Bari, Bari, Italy;Dipartimento di Informatica, Università degli Studi di Bari, Bari, Italy;Dipartimento di Informatica, Università degli Studi di Bari, Bari, Italy
Venue:
ISMIS'08 Proceedings of the 17th international conference on Foundations of intelligent systems
Year:
2008

Citing 10
Cited 1

Mining association rules between sets of items in large databases

SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Efficient mining of emerging patterns: discovering trends and differences

KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Exploring constraints to efficiently mine emerging patterns from large high-dimensional datasets

Proceedings of the sixth ACM SIGKDD international conference on Knowledge discovery and data mining
Intrusion detection

Intrusion detection
Relational Data Mining

Relational Data Mining
Levelwise Search and Borders of Theories in KnowledgeDiscovery

Data Mining and Knowledge Discovery
Algorithms for Mining Distance-Based Outliers in Large Datasets

VLDB '98 Proceedings of the 24rd International Conference on Very Large Data Bases
Learning nonstationary models of normal network traffic for detecting novel attacks

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
A Unifying Framework for Detecting Outliers and Change Points from Time Series

IEEE Transactions on Knowledge and Data Engineering
Learning the daily model of network traffic

ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems

Relational Frequent Patterns Mining for Novelty Detection from Data Streams

MLDM '09 Proceedings of the 6th International Conference on Machine Learning and Data Mining in Pattern Recognition

Quantified Score

Hi-index	0.00

Visualization

Abstract

Most intrusion detection approaches rely on the analysis of the packet logs recording each noticeable event happening in the network system. Network connections are then constructed on the basis of these packet logs. Searching for abnormal connections is where the application of data mining techniques for anomaly detection promise great potential benefits. Anyway, mining packet logs poses additional challenges. In fact, a connection is composed of a sequence of packets, but classical approaches to anomaly detection loose information on the possible relations (e.g., following) between the packets forming one connection. This depends on the fact that the attribute-value data representation adopted by classical anomaly detection methods does not allow either the distinction between connections and packets or the discovery of the interaction between packets in a connection. In order to face this issue, we resort to a Multi-Relational Data Mining approach which makes possible to mine data scattered in multiple relational tables (typically one for each object type). Our goal is to analyse packet logs of consecutive days and discover multivariate relational patterns whose support significantly changes from one day to another. Discovered patterns provide a human-interpretable description of the change in the network connections occurring in consecutive days. Experimental results on real traffic data collected from the firewall logs of our University Department are reported.