Classification and detection of computer intrusions
Classification and detection of computer intrusions
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A dynamic data mining technique for intrusion detection systems
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Hi-index | 0.00 |
In very many situations the collection of data from distributed hosts for its subsequent use to generate an intrusion detection profile may not be technically feasible (e.g., due to data size or network security transfer protocols). This situation is especially evident for data intensive intrusion profile generation (e.g., inducing profiles via data mining techniques). An alternative solution is to build a network profile by applying distributed data analysis methods (e.g., agent based computing). Such an approach is described in this paper. Global profiles are built using a Distributed Data Mining approach that integrates inductive generalization and Agent based computing. In this approach, classification rules are learned via tree induction from distributed data to be used as intrusion profiles. Agents, in a collaborative fashion, generate partial trees and communicate the temporary results among them in the form of indices to the data records. The process is terminated when a final tree is induced. This communication mechanism does not involve any data transfers, and in addition, a compression approach is used to reduce the communication bandwidth of data index transfers.