With the continuous evolution of the types of attacks against computer networks, traditional intrusion detection systems, based on pattern matching and static signatures, are increasingly limited by their need for an up-to-date and comprehensive knowledge base. Data mining techniques have been successfully applied in host-based intrusion detection. Applying data mining techniques to raw network data, however, is made difficult by the sheer size of the input; this is usually avoided by discarding the network packet contents.

In this paper, we introduce a two-tier architecture to overcome this problem: the first tier is an unsupervised clustering algorithm which reduces the network packet payload to a tractable size. The second tier is a traditional anomaly detection algorithm, whose efficiency is improved by the availability of data on the packet payload content.
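The following is an added, self-contained illustration of the two-tier idea in the abstract; it is example code written for this page, not the paper's implementation, and every concrete choice in it is an assumption: the first tier compresses each payload to a 16-bin histogram of byte high nibbles and clusters those with k-means (deterministic farthest-first seeding), so a payload collapses to a single cluster id; the second tier is a plain frequency-based anomaly detector over (destination port, payload cluster) pairs learned from a baseline. The packets are constructed sample data, not captured traffic.

```python
"""Two-tier payload-aware anomaly detection (illustrative, not the paper's code).

Tier 1: unsupervised clustering of payload byte-nibble histograms -> cluster id.
Tier 2: frequency-based anomaly scoring over (dst_port, cluster id) pairs.
Features, clustering and scoring are assumptions made for this example.
"""
import math
from collections import Counter

NUM_BINS = 16  # one bin per high nibble of a byte value

# Constructed baseline traffic: (dst_port, payload). Not real captures.
BASELINE_PACKETS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"GET /about.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=a&pass=b"),
    (53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x07example\x04test\x00\x00\x01\x00\x01"),
    (53, b"\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x03www\x07example\x04test\x00\x00\x1c\x00\x01"),
]


def payload_features(payload: bytes) -> list:
    """Reduce a payload of any length to a fixed, length-normalised histogram."""
    hist = [0.0] * NUM_BINS
    if not payload:
        return hist
    for b in payload:
        hist[b >> 4] += 1.0
    return [h / len(payload) for h in hist]


def _sqdist(a, b) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans(points, k, iters=20):
    """Lloyd's k-means; farthest-first seeding keeps the result deterministic."""
    centroids = [points[0]]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(_sqdist(p, c) for c in centroids))
        centroids.append(far)
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[assign(p, centroids)].append(p)
        new = [[sum(col) / len(g) for col in zip(*g)] if g else centroids[i]
               for i, g in enumerate(groups)]
        if new == centroids:  # assignments stable -> converged
            break
        centroids = new
    return centroids


def assign(point, centroids) -> int:
    """Tier-1 output: the id of the nearest centroid."""
    return min(range(len(centroids)), key=lambda i: _sqdist(point, centroids[i]))


class TwoTierDetector:
    def __init__(self, k=2):
        self.k = k
        self.centroids = []
        self.counts = Counter()  # (port, cluster id) -> baseline frequency
        self.total = 0

    def fit(self, packets):
        feats = [payload_features(p) for _, p in packets]
        self.centroids = kmeans(feats, self.k)
        for (port, _), f in zip(packets, feats):
            self.counts[(port, assign(f, self.centroids))] += 1
        self.total = len(packets)

    def score(self, port, payload):
        """Return (cluster id, Laplace-smoothed surprise, never-seen flag)."""
        cid = assign(payload_features(payload), self.centroids)
        count = self.counts[(port, cid)]
        surprise = -math.log((count + 1) / (self.total + len(self.counts) + 1))
        return cid, surprise, count == 0


def build_detector() -> TwoTierDetector:
    det = TwoTierDetector(k=2)
    det.fit(BASELINE_PACKETS)
    return det


if __name__ == "__main__":
    det = build_detector()
    for port, payload in [
        (80, b"GET /contact.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        (80, b"\x00\x01\x00\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00"),
        (53, b"GET /contact.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ]:
        print(port, det.score(port, payload))
```

The point the example makes is the one the abstract argues: the second tier never sees raw bytes, only a small cluster id, yet that id is enough to separate a text-like request on port 80 from a binary blob on port 80, or to notice an HTTP-shaped payload arriving on the DNS port, which a header-only detector could not do.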