A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems

A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems (1999)

Cached

Download Links

[www.csc.ncsu.edu]

by Wenke Lee

Citations:

38 - 7 self

BibTeX

@TECHREPORT{Lee99adata,
    author = {Wenke Lee},
    title = {A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems},
    institution = {},
    year = {1999}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Intrusion detection is an essential component of critical infrastructure protection mechanisms. The traditional pure "knowledge engineering" process of building Intrusion Detection Systems (IDSs) is very slow, expensive, and error-prone. Current IDSs thus have limited extensibility in the face of changed or upgraded network configurations, and poor adaptability in the face of new attack methods. This thesis describes a novel framework, MADAM ID, for Mining Audit Data for Automated Models for Intrusion Detection. Classification rules are inductively learned from audit records and used as intrusion detection models. A critical requirement for the rules to be effective detection models is that an appropriate set of features need to be first constructed and included in the audit records. A key contribution of the thesis is thus in automatic "feature construction". Using MADAM ID, raw ...

Citations

2888	Induction of Decision Trees - Quinlan - 1986
2161	Srikant R: Fast algorithms for mining association rules - Agrawal - 1994
1954	Mining association rules between sets of items in large databases - Agrawal, Imielinski, et al. - 1993
931	Mining Sequential Patterns - Agrawal, Srikant - 1995
784	Learning logical definitions from relations - Quinlan - 1989
682	The CN2 induction algorithm - Clark, Niblett - 1989
652	End-to-end internet packet dynamics - Paxson - 1999
562	Bro: A system for detecting network intruders in real-time - Paxson - 1999
547	P.: From data mining to knowledge discovery: An overview. In - Piatetsky-Shapiro, Fayyad, et al. - 1996
457	A sense of self for unix processes - Forrest, Hofmeyr, et al. - 1996
416	Bayesian classification (AutoClass): Theory and results - Cheeseman, Stutz - 1996
368	ªFastmap: A Fast Algorithm for Indexing, Data-Mining and - Faloutsos, Lin - 1995
337	Y.: Discovery of multiple-level association rules from large databases - Han, Fu - 1995
314	event monitoring enabling responses to anomalous live disturbances - Porras, Neumann - 1997
266	Data mining approaches for intrusion detection - Lee, Stolfo - 1998
239	transition analysis: A rule-based intrusion detection approach - Ilgun, Kermmerer, et al. - 1995
238	Security problems in the TCP/IP protocol suite - Bellovin - 1989
224	The KDD process for extracting useful knowledge from volumes of data - Fayyad - 1996
214	A data mining framework for building intrusion detection models - Lee, Stolfo, et al. - 1999
211	Discovering frequent episodes in sequences - Mannila, Toivonen - 1996
201	Mining association rules with item constraints - Srikant, Vu, et al. - 1997
185	Finding interesting rules from large sets of discovered association rules - Klementinen, Mannila, et al. - 1994
115	JAM: Java Agents for Meta-Learning over Distributed Databases - Stolfo, Prodromidis, et al. - 1997
113	USTAT: A real-time intrusion detection system for Unix - Ilgun
111	Discovering generalized episodes using minimal occurrences - Mannila, Toivonen - 1996
104	Automated detection of vulnerabilities in privileged programs by execution monitoring - KO, FINK, et al. - 1994
99	J.:Clustering association rules - Lent, Swami, et al.
87	A belief-driven method for discovering unexpected patterns - Padmanabhan, Tuzhilin - 1998
79	Toward parallel and distributed learning by metalearning - Chan, Stolfo - 1993
74	Mining audit data to build intrusion detection models - Lee, Stolfo, et al. - 1998
67	Adaptive real-time anomaly detection using inductively generated sequential patterns - Teng, Chen, et al.
64	Fast eective rule induction - Cohen - 1995
64	A software architecture to support misuse intrusion detection - KUMAR, SPAFFORD - 1995
62	The architecture of a network level intrusion detection system.Technical report - Heady, Luger, et al. - 1990
61	Grammatically biased learning: Learning logic programs using an explicit antecedent description language - Cohen - 1994
59	Artificial intelligence and intrusion detection: Current and future directions - Frank - 1994
58	Mining in a data-flow environment: Experience in network intrusion detection - Lee, Stolfo, et al.
58	A real-time intrusion detection expert system (IDES) - final technical report - Lunt, Tamaru, et al. - 1992
49	A quantitative model of the security intrusion process based onattacker behavior - Jonsson, Olovsson - 1997
49	Detecting Intruders in Computer Systems - LUNT - 1993
47	The basic ideas in neural networks - Rumelhart, Widrow, et al. - 1994
43	Active defense of a computer system using autonomous agents - Crosbie - 1995
42	available via anonymous ftp to ftp.ee.lbl.gov - Jacobson, Leres, et al. - 1989
42	Credit card fraud detection using meta-learning: Issues and initial results - Stolfo, Fan, et al. - 1997
30	Mining Business Databases - Brachman, Khabaza, et al. - 1996
30	Mining scientific data - Fayyad, Haussler, et al.
23	Occam's two razors: The sharp and the blunt - Domingos - 1998
10	Decision tree induction based on ecient tree restructuring - Utgo, Clouse - 1997
7	Combining data mining and machine learning for e↑ective user pro↓ling - Fawcett, Provost - 1996
7	TASA: Telecommunication alarm sequence analyzer, or ”How to enjoy faults in your network - Hatonen, Klemettinen, et al. - 1996