Signature-Based approach for intrusion detection

Authors:
Bon K. Sy
Affiliations:
Computer Science Department, Flushing, Queens College/CUNY, NY
Venue:
MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
Year:
2005

Citing 6
Cited 3

Mining association rules between sets of items in large databases

SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Classification and detection of computer intrusions

Classification and detection of computer intrusions
Anomaly Detection over Noisy Data using Learned Probability Distributions

ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Discovering association patterns based on mutual information

MLDM'03 Proceedings of the 3rd international conference on Machine learning and data mining in pattern recognition
A formal framework for positive and negative detection schemes

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Alarm clustering for intrusion detection systems in computer networks

Engineering Applications of Artificial Intelligence
Effectiveness evaluation of data mining based IDS

ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining
Computer network monitoring and abnormal event detection using graph matching and multidimensional scaling

ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining

Quantified Score

Hi-index	0.00

Visualization

Abstract

This research presents a data mining technique for discovering masquerader intrusion. User/system access data are used as a basis for deriving statistically significant event patterns. These patterns could be considered as a user/system access signature. Signature-based approach employs a model discovery technique to derive a reference ground model accounting for the user/system access data. A unique characteristic of this reference ground model is that it captures the statistical characteristics of the access signature, thus providing a basis for reasoning the existence of a security intrusion based on comparing real time access signature with that embedded in the reference ground model. The effectiveness of this approach will be evaluated based on comparative performance using a publicly available data set that contains user masquerade.