This paper first analyzes and compares misuse detection and anomaly detection. Misuse detection cannot detect new or unknown intrusions, while anomaly detection has shortcomings in detection rate and false alarm rate. To overcome their respective shortcomings, we propose a cooperating intrusion detection framework based on clustering analysis and an expert system. Through the clustering method, it can meet the demands of real-time detection and detect new or unknown intrusions. It integrates the strengths of both misuse detection and anomaly detection to improve detection performance. Moreover, it converts unknown intrusions into known intrusions, which improves detection accuracy and efficiency.