Mining association rules between sets of items in large databases
SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Mining in a data-flow environment: experience in network intrusion detection
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Intrusion Detection
A data mining framework for constructing features and models for intrusion detection systems (computer security, network security)
Fast detection of database system abuse behaviors based on data mining approach
Proceedings of the 2nd international conference on Scalable information systems
Adaptive architecture for web server survivability
ADVIS'04 Proceedings of the Third international conference on Advances in Information Systems
Learning from socio-economic characteristics of IP geo-locations for cybercrime prediction
International Journal of Business Intelligence and Data Mining
Hi-index | 0.00 |
Intrusion detection is an essential component of computer security mechanisms. It requires accurate and efficient analysis of a large amount of system and network audit data. It can thus be an application area of data mining. There are several characteristics of audit data: abundant raw data, rich system and network semantics, and ever "streaming". Accordingly, when developing data mining approaches, we need to focus on: feature extraction and construction, customization of (general) algorithms according to semantic information, and optimization of execution efficiency of the output models. In this paper, we describe a data mining framework for mining audit data for intrusion detection models. We discuss its advantages and limitations, and outline the open research problems.