This paper reports the design principles and evaluation results of a new experimental hybrid intrusion detection system (HIDS). The hybrid system combines the low false-positive rate of a signature-based intrusion detection system (IDS) with the ability of an anomaly detection system (ADS) to detect novel, unknown attacks. By mining anomalous traffic episodes from Internet connections, we build an ADS that detects anomalies beyond the capabilities of signature-based systems such as SNORT or Bro. A weighted signature generation scheme integrates the ADS with SNORT by extracting signatures from the anomalies it detects: HIDS derives signatures from the ADS output and adds them to the SNORT signature database, giving fast and accurate intrusion detection. Testing our HIDS scheme over real-life Internet trace data mixed with 10 days of the Massachusetts Institute of Technology/Lincoln Laboratory (MIT/LL) attack data set, our experiments show a 60 percent detection rate for HIDS, compared with 30 percent for SNORT and 22 percent for Bro. This sharp increase in detection rate is obtained with less than 3 percent false alarms. The signatures generated by the ADS improve SNORT's performance by 33 percent. The HIDS approach demonstrates the value of detecting intrusions and anomalies simultaneously, through automated data mining and signature generation over Internet connection episodes.