Packet- vs. Session-Based Modeling for Intrusion Detection Systems
ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
A dynamic data mining technique for intrusion detection systems
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Enhancing the accuracy of network-based intrusion detection with host-based context
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
| Hi-index | 0.00 |
In [1] we discussed the possibilities of an anomaly-based intrusion detection system that modeled a network at a particular location using advanced data mining techniques on the network packets. In later research [2], we discovered that session-based anomaly detectors produced faster and better results that met our needs for modeling networks. However, a relatively high misclassification rate for our subsequent session-based models showed that we need to produce more solid results. Therefore, we created a bootstrapping algorithm to allow us to create submodels that were eventually combined together to form a larger meta-model. This larger meta-model contained information that had very low misclassification rates. Further, this bootstrapping methodology drastically reduced the false alarm rate while maintaining or even improving upon the number of attacks found in our training data sets.