In network-based intrusion detection, signature discovery is an important issue, since the performance of an intrusion detection system depends heavily on the accuracy and abundance of its signatures. In most cases, these signatures have to be found manually, which is time-consuming and error-prone work. Some papers introduce data mining into intrusion detection systems; however, these schemes have some drawbacks. We present a data-mining-based approach to supporting signature discovery in network-based intrusion detection systems. It helps people find the signatures of an intrusion easily. The main idea is as follows. First, the Signature Discovery System (SDS) tries to find the most likely signatures that occur very frequently in the monitored communication. Second, SDS finds the relationships between these candidate signatures and constructs rules based on the relationships found. Finally, SDS gives two kinds of hints: one is the signatures whose frequency of occurrence is greater than a threshold; the other is a set of rules, composed of sets of signatures, that SDS creates in the second step. An experimental system called SigSniffer has been implemented to test the feasibility of the proposed approach.
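The three SDS steps described above, as an added sketch that is not SigSniffer's code or the paper's algorithm. It assumes candidate signatures are whitespace-separated tokens, counts frequency as the number of messages containing a token, and builds rules with an association-rule confidence measure; `discover`, `threshold`, `min_conf` and the sample messages are constructed for illustration.

```python
from collections import Counter
from itertools import permutations

# Constructed sample traffic (not from the paper): one string per monitored message.
MESSAGES = [
    "USER anonymous PASS guest CWD /pub",
    "USER anonymous PASS guest RETR file",
    "USER admin PASS x SITE EXEC",
    "USER anonymous PASS guest SITE EXEC",
    "HELP",
]


def discover(messages, threshold=2, min_conf=0.9):
    """Return (frequent, rules) as the two kinds of hints.

    frequent: token -> number of messages containing it, kept only when
              that count is greater than `threshold` (assumed frequency measure).
    rules:    (a, b) -> confidence of "a implies b" among frequent tokens,
              kept only when confidence >= `min_conf` (assumed rule measure).
    """
    # Step 1: count, per candidate token, how many messages contain it.
    token_sets = [set(m.split()) for m in messages]
    counts = Counter(tok for toks in token_sets for tok in toks)
    frequent = {t: c for t, c in counts.items() if c > threshold}

    # Step 2: relate frequent candidates pairwise and keep strong rules.
    rules = {}
    for a, b in permutations(sorted(frequent), 2):
        both = sum(1 for toks in token_sets if a in toks and b in toks)
        confidence = both / frequent[a]  # P(b present | a present)
        if confidence >= min_conf:
            rules[(a, b)] = confidence

    # Step 3: hand both hint sets to the analyst.
    return frequent, rules


if __name__ == "__main__":
    frequent, rules = discover(MESSAGES)
    for tok, n in sorted(frequent.items(), key=lambda kv: -kv[1]):
        print(f"frequent candidate: {tok!r} in {n} messages")
    for (a, b), conf in sorted(rules.items()):
        print(f"rule: {a!r} -> {b!r} (confidence {conf:.2f})")
```

The rules are directional: `anonymous -> USER` holds in every sampled message, while `USER -> anonymous` falls below `min_conf` because one login uses a different name.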