Mining association rules between sets of items in large databases
SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Finding interesting rules from large sets of discovered association rules
CIKM '94 Proceedings of the third international conference on Information and knowledge management
State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Decision Tree Induction Based on Efficient Tree Restructuring
Machine Learning
Mining in a data-flow environment: experience in network intrusion detection
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Security problems in the TCP/IP protocol suite
ACM SIGCOMM Computer Communication Review
Discovery of Frequent Episodes in Event Sequences
Data Mining and Knowledge Discovery
Data Mining and Knowledge Discovery
ICDE '97 Proceedings of the Thirteenth International Conference on Data Engineering
ICDE '95 Proceedings of the Eleventh International Conference on Data Engineering
Fast Algorithms for Mining Association Rules in Large Databases
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Discovery of Multiple-Level Association Rules from Large Databases
VLDB '95 Proceedings of the 21th International Conference on Very Large Data Bases
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Emerging scientific applications in data mining
Communications of the ACM - Evolving data mining into solutions for insights
Incremental Learning with Partial Instance Memory
ISMIS '02 Proceedings of the 13th International Symposium on Foundations of Intelligent Systems
Algorithms for mining system audit data
Data mining, rough sets and granular computing
Incremental learning with partial instance memory
Artificial Intelligence
I know my network: collaboration and expertise in intrusion detection
CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
Efficient Feature Selection via Analysis of Relevance and Redundancy
The Journal of Machine Learning Research
Toward Integrating Feature Selection Algorithms for Classification and Clustering
IEEE Transactions on Knowledge and Data Engineering
A blackboard-based learning intrusion detection system: a new approach
IEA/AIE'2003 Proceedings of the 16th international conference on Developments in applied artificial intelligence
The Journal of Machine Learning Research
Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes
IEEE Transactions on Dependable and Secure Computing
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
A user-oriented ontology-based approach for network intrusion detection
Computer Standards & Interfaces
Frequent pattern mining for kernel trace data
Proceedings of the 2008 ACM symposium on Applied computing
Non-stationary Data Mining: The Network Security Issue
ICANN '08 Proceedings of the 18th international conference on Artificial Neural Networks, Part II
IDS Based on Bio-inspired Models
KES '07 Knowledge-Based Intelligent Information and Engineering Systems and the XVII Italian Workshop on Neural Networks on Proceedings of the 11th International Conference
AutoISES: automatically inferring security specifications and detecting violations
SS'08 Proceedings of the 17th conference on Security symposium
Feature selection with dynamic mutual information
Pattern Recognition
Employee turnover: a novel prediction solution with effective feature selection
CEA'09 Proceedings of the 3rd WSEAS international conference on Computer engineering and applications
PAISI '09 Proceedings of the Pacific Asia Workshop on Intelligence and Security Informatics
Information Market-Based Decision Fusion
Management Science
ACM Computing Surveys (CSUR)
Employee turnover: a novel prediction solution with effective feature selection
WSEAS Transactions on Information Science and Applications
Attack Patterns Discovery by Frequent Episodes Mining from Honeypot Systems
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Proceedings of the 37th annual ACM SIGUCCS fall conference: communication and collaboration
A game theoretical framework on intrusion detection in heterogeneous networks
IEEE Transactions on Information Forensics and Security
Debt Detection in Social Security by Adaptive Sequence Classification
KSEM '09 Proceedings of the 3rd International Conference on Knowledge Science, Engineering and Management
Using an Evolutionary Neural Network for web intrusion detection
AIA '08 Proceedings of the 26th IASTED International Conference on Artificial Intelligence and Applications
Discovery and prevention of attack episodes by frequent episodes mining and finite state machines
Journal of Network and Computer Applications
A bidirectional-based DDoS detection mechanism
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Intrusion detection at packet level by unsupervised architectures
IDEAL'07 Proceedings of the 8th international conference on Intelligent data engineering and automated learning
Nearest-neighbor guided evaluation of data reliability and its applications
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Neural visualization of network traffic data for intrusion detection
Applied Soft Computing
A new logic correlation rule for HIV-1 protease mutation
Expert Systems with Applications: An International Journal
Fusing intrusion data for detection and containment
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Privacy and security in ubiquitous knowledge discovery
Ubiquitous knowledge discovery
Privacy and security in ubiquitous knowledge discovery
Ubiquitous knowledge discovery
Anomaly intrusion detection based upon an artificial immunity model
Proceedings of the 49th Annual Southeast Regional Conference
An adaptive network intrusion detection method based on PCA and support vector machines
ADMA'05 Proceedings of the First international conference on Advanced Data Mining and Applications
Autonomous recovery from hostile code insertion using distributed reflection
Cognitive Systems Research
A survey of anomaly intrusion detection techniques
Journal of Computing Sciences in Colleges
A scalable approach to simultaneous evolutionary instance and feature selection
Information Sciences: an International Journal
Journal of Network and Computer Applications
Toward the scalability of neural networks through feature selection
Expert Systems with Applications: An International Journal
A temporal pattern mining approach for classifying electronic health record data
ACM Transactions on Intelligent Systems and Technology (TIST) - Survey papers, special sections on the semantic adaptive social web, intelligent systems for health informatics, regular papers
| Hi-index | 0.00 |
In this paper we describe a data mining framework for constructingintrusion detection models. The first key idea is to mine system auditdata for consistent and useful patterns of program and user behavior.The other is to use the set of relevant system features presented inthe patterns to compute inductively learned classifiers that canrecognize anomalies and known intrusions. In order for the classifiersto be effective intrusion detection models, we need to have sufficientaudit data for training and also select a set of predictive systemfeatures. We propose to use the association rules and frequentepisodes computed from audit data as the basis for guiding the auditdata gathering and feature selection processes. We modify these twobasic algorithms to use axis attribute(s) and referenceattribute(s) as forms of item constraints to compute only therelevant patterns. In addition, we use an iterative level-wiseapproximate mining procedure to uncover the low frequency butimportant patterns. We use meta-learning as a mechanism to makeintrusion detection models more effective and adaptive. We report ourextensive experiments in using our framework on real-world audit data.