Mining system audit data: opportunities and challenges

Authors:
Wenke Lee;Wei Fan
Affiliations:
College of Computing, Georgia Institute of Technology, Atlanta, GA;IBM T.J. Watson Research Center, Hawthorne, NY
Venue:
ACM SIGMOD Record
Year:
2001

Citing 8
Cited 3

Mining association rules between sets of items in large databases

SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
Mining in a data-flow environment: experience in network intrusion detection

KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Intrusion Detection

Intrusion Detection
Data mining-based intrusion detectors: an overview of the columbia IDS project

ACM SIGMOD Record
A data mining framework for constructing features and models for intrusion detection systems (computer security, network security)

A data mining framework for constructing features and models for intrusion detection systems (computer security, network security)

Fast detection of database system abuse behaviors based on data mining approach

Proceedings of the 2nd international conference on Scalable information systems
Adaptive architecture for web server survivability

ADVIS'04 Proceedings of the Third international conference on Advances in Information Systems
Learning from socio-economic characteristics of IP geo-locations for cybercrime prediction

International Journal of Business Intelligence and Data Mining

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion detection is an essential component of computer security mechanisms. It requires accurate and efficient analysis of a large amount of system and network audit data. It can thus be an application area of data mining. There are several characteristics of audit data: abundant raw data, rich system and network semantics, and ever "streaming". Accordingly, when developing data mining approaches, we need to focus on: feature extraction and construction, customization of (general) algorithms according to semantic information, and optimization of execution efficiency of the output models. In this paper, we describe a data mining framework for mining audit data for intrusion detection models. We discuss its advantages and limitations, and outline the open research problems.