In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns of system features that describe program and user behavior, and to use the set of relevant system features to compute (inductively learned) classifiers that can recognize anomalies and known intrusions. Using experiments on sendmail system call data and network tcpdump data, we demonstrate that we can construct concise and accurate classifiers to detect anomalies. We provide an overview of two general data mining algorithms that we have implemented: the association rules algorithm and the frequent episodes algorithm. These algorithms can be used to compute the intra- and inter-audit record patterns that are essential in describing program or user behavior. The discovered patterns can guide the audit data gathering process and facilitate feature selection. To meet the challenges of both efficient learning (mining) and real-time detection, we propose an agent-based architecture for intrusion detection systems in which the learning agents continuously compute and provide updated (detection) models to the detection agents.
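The frequent episodes idea from the abstract, as an added example that is not the paper's own code: a simplified serial-episode miner (sliding windows over an event sequence, an episode counted once per window) run over a constructed system-call trace, with the mined episodes then used as a normal profile to score a deviating trace. The window width, episode length, minimum frequency and both traces are assumptions made for illustration.

```python
"""Toy frequent-episode miner over system-call traces (added example).

Mines serial episodes from a sliding window over a "normal" trace and then
scores another trace by how many of its windows contain no learned episode.
The traces below are constructed for illustration, not real sendmail data.
"""
from collections import Counter
from itertools import combinations

# Constructed "normal" trace: a process that repeatedly opens, reads,
# maps and closes files. Real sendmail traces are far longer and noisier.
NORMAL_TRACE = ["open", "read", "mmap", "close"] * 3

# Constructed "abnormal" trace: the same process drifts into network and
# exec calls that never appear in its normal profile.
ABNORMAL_TRACE = ["open", "read", "mmap", "close",
                  "socket", "connect", "write", "write", "close", "execve"]


def windows(trace, width):
    """All sliding windows of `width` consecutive events (empty if too short)."""
    return [tuple(trace[i:i + width]) for i in range(len(trace) - width + 1)]


def serial_episodes(window, length):
    """Ordered subsequences of `length` events inside one window, as a set so
    that an episode is counted at most once per window."""
    return {tuple(window[i] for i in idx)
            for idx in combinations(range(len(window)), length)}


def mine_frequent_episodes(trace, width, length, min_freq):
    """Return {episode: frequency}, where frequency is the fraction of windows
    containing the episode, keeping only episodes at or above `min_freq`."""
    wins = windows(trace, width)
    if not wins:
        return {}
    counts = Counter()
    for w in wins:
        counts.update(serial_episodes(w, length))
    return {ep: c / len(wins) for ep, c in counts.items()
            if c / len(wins) >= min_freq}


def anomaly_score(trace, frequent, width, length):
    """Fraction of windows that contain none of the learned frequent episodes.
    0.0 means every window matches the normal profile; higher is more anomalous."""
    wins = windows(trace, width)
    if not wins:
        return 0.0
    known = set(frequent)
    novel = sum(1 for w in wins if not (serial_episodes(w, length) & known))
    return novel / len(wins)


if __name__ == "__main__":
    profile = mine_frequent_episodes(NORMAL_TRACE, width=3, length=2, min_freq=0.25)
    for ep, freq in sorted(profile.items(), key=lambda kv: -kv[1]):
        print(f"{' -> '.join(ep):16s} {freq:.2f}")
    print("normal score  :", anomaly_score(NORMAL_TRACE, profile, 3, 2))
    print("abnormal score:", anomaly_score(ABNORMAL_TRACE, profile, 3, 2))
```

In the paper's pipeline the mined episodes guide feature selection for a learned classifier; here the window score stands in for that classifier to keep the example self-contained.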