Building the data warehouse (2nd ed.)
Building the data warehouse (2nd ed.)
An overview of data warehousing and OLAP technology
ACM SIGMOD Record
ANSWER: network monitoring using object-oriented rules
AAAI '98/IAAI '98 Proceedings of the fifteenth national/tenth conference on Artificial intelligence/Innovative applications of artificial intelligence
Data mining: concepts and techniques
Data mining: concepts and techniques
Database Systems: The Complete Book
Database Systems: The Complete Book
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Fast Algorithms for Mining Association Rules in Large Databases
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Intrusion Detection with Snort
Intrusion Detection with Snort
A Neural Network Component for an Intrusion Detection System
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
Design of a data warehouse system for network/web services
Proceedings of the thirteenth ACM international conference on Information and knowledge management
Correlating Intrusion Events and Building Attack Scenarios Through Attack Graph Distances
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Implementing interactive analysis of attack graphs using relational databases
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
An adaptive architecture of applying vulnerability analysis to IDS alerts
ICAIT '08 Proceedings of the 2008 International Conference on Advanced Infocomm Technology
Hybrid Intrusion Forecasting Framework for Early Warning System
IEICE - Transactions on Information and Systems
Efficient updates for a shared nothing analytics platform
Proceedings of the 2010 Workshop on Massive Data Analytics on the Cloud
Review: Data mining techniques and applications - A decade review from 2000 to 2011
Expert Systems with Applications: An International Journal
Data summarization for network traffic monitoring
Journal of Network and Computer Applications
| Hi-index | 0.00 |
This paper describes data mining and data warehousing techniques that can improve the performance and usability of Intrusion Detection Systems (IDS). Current IDS do not provide support for historical data analysis and data summarization. This paper presents techniques to model network traffic and alerts using a multi-dimensional data model and star schemas. This data model was used to perform network security analysis and detect denial of service attacks. Our data model can also be used to handle heterogeneous data sources (e.g. firewall logs, system calls, net-flow data) and enable up to two orders of magnitude faster query response times for analysts as compared to the current state of the art. We have used our techniques to implement a prototype system that is being successfully used at Army Research Labs. Our system has helped the security analyst in detecting intrusions and in historical data analysis for generating reports on trend analysis.