Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

ZHANG Jin-rong,LIU Feng,ZHAO Zhi-hong,LUO Bin

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.24.052

2009-01-01

Abstract:There are many problems such as poor adaptability,limited extensibility and experts hand-coding in traditional intrusion detection systems.Data mining-based intrusion detection techniques can extract knowledge and patterns of abnormal intrusions and normal user profiles from training data automatically,hence resolving the problems of tradition IDS properly.Main applications of data mining to network intrusion detection are surveied,i.e.clustering analysis,classification analysis,association rule analysis and sequential patterns analysis.Basic principles of each as well as latest research and improvements.At last,a summary of existing problems and future research directions is given.

Hyeok Kong,Cholyong Jong,Unhyok Ryang

DOI: https://doi.org/10.48550/arXiv.1601.05335

2016-01-20

Cryptography and Security

Abstract:Many modern intrusion detection systems are based on data mining and database-centric architecture, where a number of data mining techniques have been found. Among the most popular techniques, association rule mining is one of the important topics in data mining research. This approach determines interesting relationships between large sets of data items. This technique was initially applied to the so-called market basket analysis, which aims at finding regularities in shopping behaviour of customers of supermarkets. In contrast to dataset for market basket analysis, which takes usually hundreds of attributes, network audit databases face tens of attributes. So the typical Apriori algorithm of association rule mining, which needs so many database scans, can be improved, dealing with such characteristics of transaction database. In this paper we propose an impoved Apriori algorithm, very useful in practice, using scan of network audit database only once by transaction cutting and hashing.

Jiang Shan,Chen Changai

DOI: https://doi.org/10.2991/isrme-15.2015.109

2015-01-01

Abstract:The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. In this paper, we undertake the research on the principle techniques for network intrusion detection based on data mining and analysis approach. We adopt the prior knowledge on Bayesian network which is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. Then, we use the traditional risk assessment model to measure the possibility of being hearted. The numeric analysis and experimental illustration indicates the effectiveness of our method compared with other popular adopted state-of-the-art methodologies. In the future, we plan to introduce the graph and complex network theory into our prototype system to enhance the performance.

Lei Zhang,Jianqing Zhang,Yong Chen,Shaowen Liao

DOI: https://doi.org/10.1109/icicta.2018.00074

2018-01-01

Abstract:In this paper, a hybrid intrusion detection model based on data mining, which is commonly used in network security anomaly detection, is proposed that combines anomaly detection with misuse detection technology. Two test stages were formed and applied to the instrusion detection system in the process of large-scale network traffic detection. On the basis of improving the detection ability of the massive information detection system, the security of the data source of the intrusion detection system was ensured.

YUAN Chao-hua,BAI Wen-yang

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.04.032

2006-01-01

Abstract:This paper presents a model of database intrusion detection system,which uses data mining on the audit data in database systems to derive user profiles that describe normal behavior of users.The profiles can be used to detect abnormal behavior of users.

吕志军,袁卫忠,仲海骏,黄皓,曾庆凯,谢立

DOI: https://doi.org/10.3969/j.issn.1002-137x.2004.10.015

2004-01-01

Computer Science

Abstract:Intrusion detection system(IDS)must be capable of detecting new and unknown attacks. In this paper, we propose an Anomaly Detection System based on Data Mining(ADESDM). Firstly, ADESDM mine suspicious behaviors in the protocol header, ports and application data with strong association rules and weak association rules; then, it sends the suspicious behaviors to the Deciding Module based on Bayesian Belief Net (DMBBN). In real network communications, the attributes, such as time, direction, ports and IP addresses, are influencing each other. The DMBBN illustrates the conditional probabilities and relationship among the above attributes, and uses them to determine whether the suspicious behaviors are normal ones or attacks. Thus, system can reduce the false alarm rate.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

CHEN Jie,WANG Yu-xi,ZHANG Rui-lin,QIAN Yun-tao,BAO Wei-jiang

DOI: https://doi.org/10.3969/j.issn.1673-3851.2008.06.014

2008-01-01

Abstract:Based on the obtaining railway public safety information,this paper uses the typical association rule extracting algorithms-Apriori and improved algorithm AprioriTid,for analyzing and verifying.The mutual relations among the humans,events and matters in the violation cases are extracted,which can be used to predict the future public order situation in railway stations.The information can also be used to guide the police management to the key time interval,key district and key cases,so the police can be arranged scientifically and reasonably to overcome the shortage of police manpower.At the same time,the authors also compare the efficiency of the two algorithms,and find AprioriTid is better than Apriori algorithm in respect of both accuracy and time complexity.

Wu Liu,Jian-Ping Wu,Hai-Xin Duan,Xing Li

DOI: https://doi.org/10.1007/11540007_96

2006-01-01

Abstract:In this paper, we apply data mining techniques to construct intrusion detection patterns. We mine both system audit data and network traffic data for consistent and useful patterns of program and user behavior, and use an iterative low-frequency-finder mining algorithm to find the low frequency but important patterns.

Quan ZHOU,Feng-Ying ZHAO,Chong-Jun WANG,Shi-Fu CHEN

DOI: https://doi.org/10.3969/j.issn.1003-6059.2008.04.015

2008-01-01

Abstract:The solution based on multi-approaches of data mining involving k-means, C4.5, Naive Bayes, Bayes net and Co-training is proposed in order to deal with the major problems of intrusion detection dataset such as class balance, class overlapping, noise, distributions etc. The experiment results show its validity.

ZHAO Yu-ming,ZHANG Wei,teng SH

2007-01-01

Abstract:The technique of intrusion detection has become a focus in the field ofnetwork security. This paper introduced the categories of intrusion detection and the methods of data mining applied in abnormal detection. It also described the design and implementation of the abnormal IDS based on system call and data mining algorithms.

Wu Liu,wang jianping,Hai-Xin Duan,Xing Li

DOI: https://doi.org/10.1007/11538059_45

2005-01-01

Abstract:In this paper, we aim to develop a systematic framework to semi-automate the process of system logs and databases of intrusion detection systems (IDS). We use both Ef-attribute based mining and Es-attribute based mining to mine effective and essential attributes (hence interesting patterns) from the vast and miscellaneous system logs and IDS databases.

Shuai Jiang,Xiaolong Xu

DOI: https://doi.org/10.1109/CSCWD49262.2021.9437645

2021-01-01

Abstract:Intrusion detection system (IDS), as a network security device, monitors network data in real time and responds actively when it detects suspicious transmissions. However, suffered from the large amount of redundancy and high correlation of network data, the traditional IDS have defects in low detection rate and high computational overhead. In this paper, we propose a network data classification m...

XIAO Zheng-hong,YIN Hao

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.05.023

2006-01-01

Abstract:At first this paper introduces the development process of intrusion detection, then it describes the detection. Secondly, intrusion detection techniques for statistics analysis based on network traffic are thoroughly discussed in this paper, and it also points the future research aspects. Finally we document some remaining problems and challenges, and give the possible solution.

Zachary Tauscher,Yushan Jiang,Kai Zhang,Jian Wang,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2108.08394

2021-08-19

Abstract:With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine learning based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified firstly, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.

Cryptography and Security,Machine Learning

Nkondock Mi Bahanag Nicolas,Atsa Etoundi Roger

DOI: https://doi.org/10.5539/nct.v7n1p55

2022-07-31

Network and Communication Technologies

Abstract:Information Systems handle big amount of data within enterprises by offering the possibility to collect, treat, keep and make information avail- able. To realize these tasks, it is important to secure data from intrusions that can affect confidentiality, availability and integrity of information. Un- fortunately, with the time, technologies are more used and various types of attacks act on it to create intrusion or misuses within Information Systems. Research in intrusion detection field is still looking for solutions of such relevant problems. The purpose of this paper is to present an overview of existing intrusion detection techniques compared to a new issue based on process mining used for event logs analysis to detect abnormal events that occurs on the system. events are classified accordingly to security policy etablished with fuzzy logic to build a set of fuzzy rules, for the definition of normal and abnormal events and then reduce the high level of false alerts.

Lü Hong-zhu,ZHANG Jian-ping,DENG Wen-xin

DOI: https://doi.org/10.3969/j.issn.1007-9831.2007.06.011

2007-01-01

Abstract:The body under study is the technology of data mining.However,the intrusion model of the current IDS can't reflect the intrusion characteristics well,a new model of the abnormity detection model with the application of DM technology was given and the abnormity detection model of design process.

Yongjin Liu,Na Li,Leina Shi,FangPing Li

DOI: https://doi.org/10.1109/EDT.2010.5496597

2010-01-01

Abstract:How to find the intrusion behaviors is a problem that troubled the intrusion detection field for years. Until now, there is not a good method to solve it, epically in a realistic context. Most methods are effective on small data sets, but when used to the massive data of IDS, the effectiveness seems to be unsatisfactory. In this paper, a new method based on decision tree is discussed to solve the problem of low detection rate of massive data. ©2010 IEEE.