Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today's network environments, we need a more systematic and automated IDS development process rather than the pure knowledge encoding and engineering approaches. This article describes a novel framework, MADAM ID, for Mining Audit Data for Automated Models for Intrusion Detection. This framework uses data mining algorithms to compute activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records that are processed according to the feature definitions to generate intrusion detection rules. Results from the 1998 DARPA Intrusion Detection Evaluation showed that our ID model was one of the best performing of all the participating systems. We also briefly discuss our experience in converting the detection models produced by off-line data mining programs to real-time modules of existing IDSs.