Bootstrapping a data mining intrusion detection system

Authors:
Daniel Barbará;Yi Li;Julia Couto;Jia-Ling Lin;Sushil Jajodia
Affiliations:
George Mason University, Fairfax, VA;George Mason University, Fairfax, VA;James Madison University, Harrisonburg, VA;George Mason University, CSIS, Fairfax, VA;George Mason University, CSIS, Fairfax, VA
Venue:
Proceedings of the 2003 ACM symposium on Applied computing
Year:
2003

Citing 5
Cited 6

Mining association rules between sets of items in large databases

SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Applications of Data Mining in Computer Security

Applications of Data Mining in Computer Security
COOLCAT: an entropy-based algorithm for categorical clustering

Proceedings of the eleventh international conference on Information and knowledge management
Experience with EMERALD to Date

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Information-Theoretic Measures for Anomaly Detection

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy

Principle Components and Importance Ranking of Distributed Anomalies

Machine Learning
Challenging the anomaly detection paradigm: a provocative discussion

NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Anomaly detection: A survey

ACM Computing Surveys (CSUR)
Anomaly detection using manifold embedding and its applications in transportation corridors

Intelligent Data Analysis - Knowledge Discovery from Data Streams
Outlier ensembles: position paper

ACM SIGKDD Explorations Newsletter
Review: A review of novelty detection

Signal Processing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The application of data mining techniques in intrusion detection has received a lot of attention lately. Most of the approaches require of a training phase based on the availability of labelled data, where the labels indicate whether the points correspond to normal events or attacks. Unfortunately, this labelled data is not readily available in practice. In this paper we present a novel method based in intersecting segments of unlabelled data and using the intersection as the base data for unsupervised learning (clustering). The clustering algorithm, along with a method to find outliers with respect to the base clusters form the basis for separation of unlabelled data into groups of points that are normal (attack-free) and points that correspond to attacks. We show that the technique is very sucessful in separating points of the data sets of the DARPA, Lincoln Labs evaluation of 1999.