Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

张博,李伟华,布日古德

DOI: https://doi.org/10.3969/j.issn.1671-654X.2004.04.038

2004-01-01

Abstract:For the developed of knowledge discover and other relative technology, the date mining has been a focus in these days. This technology is very effective on building in signature and models in the Intrusion Detection System (IDS). To deal with the lots of Intrusion, we build the signature database and signature association combing with the concept of the association rules of date mining and enhance the network security through audit.

SHEN Bin,YAO Min

DOI: https://doi.org/10.3321/j.issn:1001-0920.2009.09.006

2009-01-01

Abstract:In order to improve the shortcomings of the original dynamic association rule(DAR for short),this paper presents a new kind of DAR,which can reflect the dynamic information of rule with time better.Its defintions of support vector and confidence vector are accord with the classical defintions of support and confidence.Two new mining algorithms are also provided,which are ITS algorithm and EFP-growth algorithm.ITS algorithm has two stages,and can be well comprehended.EFP-growth algorithm is based on extended FP-tree and suitable for large volumes of data with high density.The experiment results show that the proposed algorithm has good performance and is fit for mining DARs.

张浩,景凤宣,谢晓尧

DOI: https://doi.org/10.3969/j.issn.1004-5570.2011.03.018

2011-01-01

Abstract:Among a large number of association rule mining algorithms, Apriori algorithm is the most classic one ,but it has three deficiencies,including scanning databases many times, senerating a large number of candidate anthology, and mining frequent itemsets iteratively. This paper presented a method, Apriori algorithm to generate the candidate itemsets and then finds whether it is the frequent item- sets through the database, thereby enhancing the efficiency of the algorithm. Finally, intrusion detection system for the formation of association rules （IDS）. The experimental results show that the optimized algorithm can effectively improve the efficiency of mining association rules.

WU Shun-xiang

2006-01-01

Abstract:The capability of intrusion detection system is related to its detected rules greatly,so how to get the valid intrusion detection rules quickly from network data is very important to IDS(Intrusion Detection System).In this paper the drawback of the traditional algorithm of association rule is analyzed.And then the optimizing policy about data mining algorithm and the method of disposing temporal data are discussed specially.The main attribute is used to restrict the final rules.And some attributes are included in the final rules directly according to their high frequency.The improved algorithm is more improved in mining speed and detectable probabilities of final rules.Some formerly ignored rules are discovered,at the same time some unnecessary rules are eliminated in the experimentation.The validity of the improved algorithm is proved by the experimentation.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

杨建华,蒋玉明,彭轮

DOI: https://doi.org/10.3969/j.issn.1008-0570.2009.24.011

2009-01-01

Abstract:In this paper an intrusion detection system based on data mining is proposed,and its main idea is to apply data mining methods to learn rules that can capture normal and intrusion activities from pre-processed audit data that contain network connection information. Put forward a method to improve the Apriori algorithm,whose I/O is quite surprising when scanning the database. To improve the method is feasible;the normal rules in the knowledge database in IDS are mined. And the experiment indicates that the model can produce new rules,which approve the validity and the feasibility of the IDS.

Fei Shufang,Zheng Ning,Yu Ritai,Xu Ming

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.03.033

2009-01-01

Abstract:In this paper it proposes a new improved fuzzy association rules algorithm by integrating Apriori and Kuok's algorithms.This algorithm,by introducing fuzzy membership function,decision tree scheme and similarities of rule sets,employed these three structures to build amended mining algorithm for mining association rules of quantitative attributes.Experimental results have demonstrated the algorithm's good performance in both rule building efficacy and time efficiency.

Pan Meimei,Cai Jian,Zhu Longhai

DOI: https://doi.org/10.3969/j.issn.1001-7119.2013.05.036

2013-01-01

Abstract:Current intrusion technology with each passing day,the original database defensive work has been unable to meet the defense needs of the database,using data mining techniques,data rules and IDS system library has been improved, according to two kinds of intrusion methods and data rule base solution designed a rule base of self-renewal,improved IDS system,the data rule base is automatically updated and improved functionality.The experiments show,the system has greatly improved the defensive performance of the system,greatly improving the detection capabilities,provides the possibility for the system automatic defense of others invasion.

CHEN Jie,WANG Yu-xi,ZHANG Rui-lin,QIAN Yun-tao,BAO Wei-jiang

DOI: https://doi.org/10.3969/j.issn.1673-3851.2008.06.014

2008-01-01

Abstract:Based on the obtaining railway public safety information,this paper uses the typical association rule extracting algorithms-Apriori and improved algorithm AprioriTid,for analyzing and verifying.The mutual relations among the humans,events and matters in the violation cases are extracted,which can be used to predict the future public order situation in railway stations.The information can also be used to guide the police management to the key time interval,key district and key cases,so the police can be arranged scientifically and reasonably to overcome the shortage of police manpower.At the same time,the authors also compare the efficiency of the two algorithms,and find AprioriTid is better than Apriori algorithm in respect of both accuracy and time complexity.

Ping Lou,Guantong Lu,Xuemei Jiang,Zheng Xiao,Jiwei Hu,Junwei Yan

DOI: https://doi.org/10.1007/s10489-020-02007-5

IF: 5.3

2020-01-01

Applied Intelligence

Abstract:Security logs in cloud environment like intrusion detection system (IDS) logs, firewall logs, and system logs provide historical information describing potential security risks. However, the use of logs for cyber intrusion detection relies heavily on expert knowledge. It is very difficult for the non-expert to identify these intrusion behaviors. This paper proposes a new method for mining association rules from multi-source logs to detect various intrusion behaviors in the cloud computing platform. In this method, a rule base is constructed to detect cyber intrusion. An adaptive approach is used to speed up the calculation of the association rule mining, in which the decision depends on the time complexity of the algorithm. Various cyber-attacks are simulated in the verification experiments which show the calculation speed of the proposed method is faster than other algorithms. Furthermore, compared with other methods, the performance of the proposed intrusion detection method is better than others in term of precision, recall, and f-measure.

Changqing Chen,Weimin Wu,Heng Zhou,Gang Shen

DOI: https://doi.org/10.1109/csss.2011.5974769

2011-01-01

Abstract:In order to improve the detection efficiency of intrusion detection and reduce false alarm, an approach combined rough sets and data mining is proposed to enhance the traditional intrusion detection methods. First, collected data is classified and preprocessed by normalizing the value variables and discretely processing the nominal variables, an attribute reduction to the result set can be made based on Pawlak attribute weights Rough Set Algorithm with characteristics of the property up and down approximation set. According to attribute reduction, association rules can be generated which satisfy a certain degree of confidence, then imported into the rule set. Experiments show that the detection approach combined rough sets and data mining has improved the detection efficiency above 20%. The detection rate is almost linear with the number of intrusions.

宋世杰,胡华平,胡笑蕾

DOI: https://doi.org/10.3969/j.issn.1671-1742.2004.01.001

2004-01-01

Abstract:The purpose of the data mining is to find out the relativity from a large number of data. The application of the association rules algorithm and the sequence patterns algorithm to IDS is presented and the process of mining frequency patterns from the raw audit data with the extended apriori association rules and the GSP sequence patterns algorithm combined is introduced. Finally the application is realized.

Hyeok Kong,Cholyong Jong,Unhyok Ryang

DOI: https://doi.org/10.48550/arXiv.1601.05335

2016-01-20

Cryptography and Security

Abstract:Many modern intrusion detection systems are based on data mining and database-centric architecture, where a number of data mining techniques have been found. Among the most popular techniques, association rule mining is one of the important topics in data mining research. This approach determines interesting relationships between large sets of data items. This technique was initially applied to the so-called market basket analysis, which aims at finding regularities in shopping behaviour of customers of supermarkets. In contrast to dataset for market basket analysis, which takes usually hundreds of attributes, network audit databases face tens of attributes. So the typical Apriori algorithm of association rule mining, which needs so many database scans, can be improved, dealing with such characteristics of transaction database. In this paper we propose an impoved Apriori algorithm, very useful in practice, using scan of network audit database only once by transaction cutting and hashing.

Yu-Xin Ding,Hai-Sen Wang,Qing-Wei Liu

DOI: https://doi.org/10.1109/icmlc.2008.4620604

2008-01-01

Abstract:Traditional intrusion detection systems focus on low-level attacks, and only generate isolated alerts. They can't rind logical relations among alerts. In addition, IDS's accuracy is low, a lot of alerts are false alerts. So it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. To solve this problem different intrusion scenario detection methods are proposed. In this paper a data mining method is used to find the attack scenarios. Firstly redundancy alerts are checked and deleted, then attack scenario patterns are mined by using the associate-rule algorithms which is an improved Apriori algorithm. These mined scenario patterns are used to rind attack scenarios. In (his paper 1999 DARPA intrusion detection scenario specific datasets are used as the experimental data and the corresponding results are shown. Compared with current scenario detection methods which depend on human knowledge to define attack scenarios, our methods use data mining method to find the scenarios automatically. Our experimental results demonstrate the potential of the proposed method.

GUO Shan-Qing,XIE Li,ZENG Ying-Pei

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.09.003

2006-01-01

Abstract:Progress has been made in using machine learning techniques such as SVM and neural networks for intrusion detection,but the non-understandable detection results have prevented those algorithms from being thoroughly utilized.In this paper,the authors put forward a novel huge-data oriented method,which was based on the popular association rules extraction algorithm and targeted at the result of intrusion detection,to build real-time rules for enhancing the understanding of detection results and therefore decrease possible loss.The algorithm,by introducing local support,global confidence,CI-Tree and IX-Tree structure,employed these tree structures to build online rules for currently active intrusion.This algorithm solved a number of problems that exist in applying association rules algorithm to intrusion detection:(1)multi-scan(twice at least);(2)mass useless rules due to unbalanced distribution of attacking data;(3)unwanted frequent set produced in the old two-phase rule-building method.Experimental results have demonstrated the method's good performance in both rule building efficacy and time efficiency.

Yuan-da CAO,Jing-feng XUE

DOI: https://doi.org/10.3969/j.issn.1004-0579.2002.04.019

2002-01-01

Journal of Beijing Institute of Technology

Abstract:Association rules are useful for determining correlations between items. Applying association rules to intrusion detection system (IDS) can improve the detection rate, but false positive rate is also increased. Weighted association rules are used in this paper to mine intrustion models, which can increase the detection rate and decrease the false positive rate by some extent. Based on this, the structure of host-based IDS using weighted association rules is proposed.

MAO Yi-min,YANG Lu-ming,CHEN Zhi-gang,LIU Li-xin

2011-01-01

Journal of Central South University

Abstract:Aiming at the current problems of inadequacy in intrusion-detection system response speed and detecting precision of data mining techniques based on association rules of data streams,an intrusion detection system model of MMFIID-DS based on maximal frequent pattern of data streams was proposed.A variety of pruning strategies were proposed to mine the maximal frequent itemsets on trained normal data set,abnormal data set and current data streams to establish normal and abnormal behavior pattern as well as user behavior pattern of the system in order to improve response speed of the system by greatly reducing search space.Besides,misuse detection and anomaly detection techniques were combined to implement online real-time intrusion detection and improve detection precision of the system.Both theoretical and experimental results indicate that the MMFIID-DS intrusion detection system is fairly sound in performance.

Li Yeda,Sun Wei

DOI: https://doi.org/10.3969/j.issn.1001-5477.2006.01.001

2006-01-01

Abstract:Intrusion detection system has long been recognized as a necessary component of a multilayered security architecture.Comparing with the traditional intrusion detection system,data mining-based intrusion detection has the feature of high precision,and to some extent can effectively recognize unknown attacks.However,the existence of false positives has long been a hindrance to deep research.In this paper,factors affecting the detection rate are analyzed and a method of intrusion detection system that can effectively improve precision and decrease false positive rate is presented.

Jh Sun,H Jin,H Chen,Zf Han,Dq Zou

DOI: https://doi.org/10.1007/978-3-540-45080-1_91

2003-01-01

Abstract:Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusion effectively and accurately. However, the performance of IDS is not satisfying. In this paper, we study the issue of building a data mining based intrusion detection model to raise the detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns for intrusion and use the set of patterns to recognize intrusion. By applying statistics inference theory to this model, the patterns mined from a set of test data are effective to detect the attacks in the same category, and therefore can detect most novel attacks that are variants of known attacks.