Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

Jiang Wei,Min Yao,Jun Yan

DOI: https://doi.org/10.1109/ISISE.2008.17

2008-01-01

Abstract:Clustering is one of the important means of Intrusion detection. In order to overcome the disadvantages of fuzzy C-means algorithm, this paper presents a kind of improved fuzzy C-means algorithm (IFCM for short). IFCM algorithm reduces the infection of isolated point by means of weighting the degree of membership for objects to be clustered, and avoids the subjectivity in choosing the number of clustering by introducing the function of validity. Then, IFCM algorithm is used to intrusion detection, and satisfactory experiment effects are obtained. © 2008 IEEE.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

Quan ZHOU,Feng-Ying ZHAO,Chong-Jun WANG,Shi-Fu CHEN

DOI: https://doi.org/10.3969/j.issn.1003-6059.2008.04.015

2008-01-01

Abstract:The solution based on multi-approaches of data mining involving k-means, C4.5, Naive Bayes, Bayes net and Co-training is proposed in order to deal with the major problems of intrusion detection dataset such as class balance, class overlapping, noise, distributions etc. The experiment results show its validity.

H Jin,JH Sun,H Chen,ZF Han

DOI: https://doi.org/10.1109/ftdcs.2004.1316613

2004-01-01

Abstract:With explosively increasing information, data mining techniques are frequently employed to identify trends in the warehouse that may not be readily apparent. In this paper we apply fuzzy data mining techniques to a security system and build a fuzzy data mining based intrusion detection model. Through normalizing the data set and building a fuzzy similar matrix of the network connections in the data set, network connections are clustered into different classes.

Changqing Chen,Weimin Wu,Heng Zhou,Gang Shen

DOI: https://doi.org/10.1109/csss.2011.5974769

2011-01-01

Abstract:In order to improve the detection efficiency of intrusion detection and reduce false alarm, an approach combined rough sets and data mining is proposed to enhance the traditional intrusion detection methods. First, collected data is classified and preprocessed by normalizing the value variables and discretely processing the nominal variables, an attribute reduction to the result set can be made based on Pawlak attribute weights Rough Set Algorithm with characteristics of the property up and down approximation set. According to attribute reduction, association rules can be generated which satisfy a certain degree of confidence, then imported into the rule set. Experiments show that the detection approach combined rough sets and data mining has improved the detection efficiency above 20%. The detection rate is almost linear with the number of intrusions.

Guojun Mao,Xindong Wu,Xuxian Jiang

DOI: https://doi.org/10.1080/18756891.2012.670519

2012-01-01

Abstract:Computer intrusions are taking place everywhere, and have become a major concern for information security. Most intrusions to a computer system may result from illegitimate or irregular calls to the operating system, so analyzing the system-call sequences becomes an important and fundamental technique to detect potential intrusions. This paper proposes two models based on data mining technology, respectively called frequency patterns (FP) and tree patterns (TP) for intrusion detection. FP employs a typical method of sequential mining based on frequency analysis, and uses a short sequence model to find out quickly frequent sequential patterns in the training system-call sequences. TP makes use of the technique of tree pattern mining, and can get a quality profile from the training system-call sequences of a given system. Experimental results show that FP has good performances in training and detecting intrusions from short system-call sequences, and TP can achieve a high detection precision in handling long sequences.

MAO Yi-min,YANG Lu-ming,CHEN Zhi-gang,LIU Li-xin

2011-01-01

Journal of Central South University

Abstract:Aiming at the current problems of inadequacy in intrusion-detection system response speed and detecting precision of data mining techniques based on association rules of data streams,an intrusion detection system model of MMFIID-DS based on maximal frequent pattern of data streams was proposed.A variety of pruning strategies were proposed to mine the maximal frequent itemsets on trained normal data set,abnormal data set and current data streams to establish normal and abnormal behavior pattern as well as user behavior pattern of the system in order to improve response speed of the system by greatly reducing search space.Besides,misuse detection and anomaly detection techniques were combined to implement online real-time intrusion detection and improve detection precision of the system.Both theoretical and experimental results indicate that the MMFIID-DS intrusion detection system is fairly sound in performance.

Jh Sun,H Jin,H Chen,Zf Han,Dq Zou

DOI: https://doi.org/10.1007/978-3-540-45080-1_91

2003-01-01

Abstract:Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusion effectively and accurately. However, the performance of IDS is not satisfying. In this paper, we study the issue of building a data mining based intrusion detection model to raise the detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns for intrusion and use the set of patterns to recognize intrusion. By applying statistics inference theory to this model, the patterns mined from a set of test data are effective to detect the attacks in the same category, and therefore can detect most novel attacks that are variants of known attacks.

Huiping Chen,Jiandong Wang,Feiyue Ye,Yu Wang

2005-01-01

Abstract:An intrusion detection (ID) model is proposed based on the fuzzy data mining method. A major difficulty of anomaly ID is that patterns of the normal behavior change with time. In addition, an actual intrusion with a small deviation may match normal patterns. So the intrusion behavior cannot be detected by the detection system. To solve the problem, fuzzy data mining technique is utilized to extract patterns representing the normal behavior of a network. A set of fuzzy association rules mined from the network data are shown as a model of ”normal behaviors”. To detect anomalous behaviors, fuzzy association rules are generated from new audit data and the similarity with sets mined from ”normal” data is computed. If the similarity values are lower than a threshold value, an alarm is given. Furthermore, genetic algorithms are used to adjust the fuzzy membership functions and to select an appropriate set of features.

Yu-Xin Ding,Hai-Sen Wang,Qing-Wei Liu

DOI: https://doi.org/10.1109/icmlc.2008.4620604

2008-01-01

Abstract:Traditional intrusion detection systems focus on low-level attacks, and only generate isolated alerts. They can't rind logical relations among alerts. In addition, IDS's accuracy is low, a lot of alerts are false alerts. So it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. To solve this problem different intrusion scenario detection methods are proposed. In this paper a data mining method is used to find the attack scenarios. Firstly redundancy alerts are checked and deleted, then attack scenario patterns are mined by using the associate-rule algorithms which is an improved Apriori algorithm. These mined scenario patterns are used to rind attack scenarios. In (his paper 1999 DARPA intrusion detection scenario specific datasets are used as the experimental data and the corresponding results are shown. Compared with current scenario detection methods which depend on human knowledge to define attack scenarios, our methods use data mining method to find the scenarios automatically. Our experimental results demonstrate the potential of the proposed method.

J Guan,Dx Liu,T Wang

DOI: https://doi.org/10.1007/978-3-540-24767-8_74

2004-01-01

Abstract:Two data mining methods (association rule mining and frequent episode mining) have been proved to fit to the intrusion detection problem. But the normal and the intrusions in computer networks are hard to predict as the boundaries between them cannot be well defined. This prediction process may generate false alarms in many anomaly based intrusion detection systems. This paper presented a method to realize that the false alarm rate in determining intrusive activities can be reduced with fuzzy logic. A set of fuzzy rules can be used to define the normal and abnormal behavior in a computer network, and fuzzy data mining algorithms can be applied over such rules to determine when an intrusion is in progress. In this paper, we have introduced modifications of these methods that mine fuzzy association rules and fuzzy frequent episodes and have described off-line methods that utilize these fuzzy methods for anomaly detection from audit data. We describe experiments that explore their applicability for intrusion detection. Experimental results indicate that fuzzy data mining can provide effective approximate anomaly detection.

Wu Liu,Jian-Ping Wu,Hai-Xin Duan,Xing Li

DOI: https://doi.org/10.1007/11540007_96

2006-01-01

Abstract:In this paper, we apply data mining techniques to construct intrusion detection patterns. We mine both system audit data and network traffic data for consistent and useful patterns of program and user behavior, and use an iterative low-frequency-finder mining algorithm to find the low frequency but important patterns.

Lei Zhang,Jianqing Zhang,Yong Chen,Shaowen Liao

DOI: https://doi.org/10.1109/icicta.2018.00074

2018-01-01

Abstract:In this paper, a hybrid intrusion detection model based on data mining, which is commonly used in network security anomaly detection, is proposed that combines anomaly detection with misuse detection technology. Two test stages were formed and applied to the instrusion detection system in the process of large-scale network traffic detection. On the basis of improving the detection ability of the massive information detection system, the security of the data source of the intrusion detection system was ensured.

Cai Wan

2003-01-01

Computer Science

Abstract:Intrusion Detection System (IDS) is an important network security technique. It can dynamic detect the network attack behaviors. At present, great issues for IDS are incapable of detecting the unknown malicious attack behaviors. So that, some new detection techniques are presented,data mining-based detection technique is an effective method in them. In this paper, data mining-based detection method and its key techniques are discussed in detail.

ZHANG Jin-rong,LIU Feng,ZHAO Zhi-hong,LUO Bin

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.24.052

2009-01-01

Abstract:There are many problems such as poor adaptability,limited extensibility and experts hand-coding in traditional intrusion detection systems.Data mining-based intrusion detection techniques can extract knowledge and patterns of abnormal intrusions and normal user profiles from training data automatically,hence resolving the problems of tradition IDS properly.Main applications of data mining to network intrusion detection are surveied,i.e.clustering analysis,classification analysis,association rule analysis and sequential patterns analysis.Basic principles of each as well as latest research and improvements.At last,a summary of existing problems and future research directions is given.

Haipeng Yao,Qiyi Wang,Luyao Wang,Peiying Zhang,Maozhen Li,Yunjie Liu

DOI: https://doi.org/10.1007/s10766-017-0537-7

2017-01-01

International Journal of Parallel Programming

Abstract:With the dramatic opening-up of network, network security becomes a severe social problem with the rapid development of network technology. Intrusion Detection System (IDS) is an innovative and proactive network security technology, which becomes a hot topic in both industry and academia in recent years. There are four main characteristics of intrusion data that affect the performance of IDS including multicomponent, data imbalance, time-varying and unknown attacks. We propose a novel IDS framework called HMLD to address these issues, which is an exquisite designed framework based on Hybrid Multi-Level Data Mining. In this paper, we use KDDCUP99 dataset to evaluate the performance of HMLD. The experimental results show that HMLD can reach 96.70% accuracy which is nearly 1% higher than the recent proposed optimal algorithm SVM+ELM+Modified K-Means. In details, HMLD greatly increased the detection accuracy of DoS attacks and R2L attacks.

Zhouzhou Liu,Wei,Hao Wang,Yangmei Zhang,Qianyun Zhang,Shining Li

DOI: https://doi.org/10.1109/access.2018.2879891

IF: 3.9

2018-01-01

IEEE Access

Abstract:Aiming at large-scale, high dimensional data, and variable intrusion behavior in wireless sensor networks (WSNs), an intrusion detection algorithm based on parallel intelligent optimization feature extraction and distributed fuzzy clustering for WSNs is proposed. First, in order to effectively reduce the data dimensionality and improve the robustness of the feature extraction process, the parallel intelligent optimization feature extraction framework is constructed on the basis of defining the optimal feature evaluation index, for which the theoretical analysis shows that the index can eliminate feature redundancy and maintain the diversity of original data. Second, the spider cluster optimization algorithm evolution rule is redefined by introducing local search and adaptive multi strategy update method, and it proves that the improved social spider optimization (ISSO) algorithm has global convergence. The ISSO is used to solve the feature extraction framework, and through the parallel feature subset selection process, the best feature combination is extracted. Finally, WSNs intrusion detection is carried out by using the best feature subset and the distributed fuzzy clustering technology, and intelligent iterative evolution method and adaptive clustering strategy are introduced in order to improve the fuzzy clustering algorithm performance. Experimental results show that the intrusion detection algorithm can effectively give the results of intrusion detection, and moreover, compared with the other detection algorithms, the intrusion detection rate is improved by about 13.1%, and the false detection rate is decreased by about 8.5%.

Li Yeda,Sun Wei

DOI: https://doi.org/10.3969/j.issn.1001-5477.2006.01.001

2006-01-01

Abstract:Intrusion detection system has long been recognized as a necessary component of a multilayered security architecture.Comparing with the traditional intrusion detection system,data mining-based intrusion detection has the feature of high precision,and to some extent can effectively recognize unknown attacks.However,the existence of false positives has long been a hindrance to deep research.In this paper,factors affecting the detection rate are analyzed and a method of intrusion detection system that can effectively improve precision and decrease false positive rate is presented.

Fang Yu Ke,Fu Yan,Zhou Jun Lin

DOI: https://doi.org/10.1109/wkdd.2010.51

2009-01-01

Abstract:The traditional IDS can not effectively manage the new continuously changing intrusion detection attacks. To deal with the problem, data mining based intrusion detection methods have been the hot fields in intrusion detection research. An outlier mining based adaptive intrusion detection framework is proposed in this paper. In the proposed framework, the outliers are firstly detected by similarity coefficient. And then, the clusters are built on the detected outlier data set and the improved association rule algorithm is employed on the clusters. Finally, the rules generated by association rule algorithm will be adaptively added into the current intrusion detection rule base. The experiments performed on simulated data and KDD99 from UCI data set have shown the effectiveness of proposed methods.