Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

ZHANG Jun,YANG Fan

DOI: https://doi.org/10.3969/j.issn.1000-2340.2006.04.026

2006-01-01

Abstract:The current state of data mining techniques is discussed and some problems that should be paid attention to in the use of these techniques for the intrusion detection system are introduced.Moreover,some modified methods being considered,the anomalous and known intrusions can be recognized,and some improved schemes are presented.In addition,the future research direction is pointed out,too.

Hongxia Xia,Qi Shen,Luo Zhong,Shan Feng,Rui Hao

DOI: https://doi.org/10.1145/1046290.1046337

2004-01-01

Abstract:Based on the analysis of current intrusion detection technologies, the article focuses on the application of Data Mining and Genetic Algorithm to the Intrusion Detection System. The integration of them would be competent for solving some traditional problems like the block in the course of knowledge acquisition in the expert system and the dynamic update of rules. Meanwhile, according to the practical characteristics of network intrusions, the article makes some improvements on the traditional FP growth algorithm by adopting the restrictions of the key properties to guide the process of mining, which can be profitable in discovering the frequent patterns that are more meaningful for us.

杨建华,蒋玉明,彭轮

DOI: https://doi.org/10.3969/j.issn.1008-0570.2009.24.011

2009-01-01

Abstract:In this paper an intrusion detection system based on data mining is proposed,and its main idea is to apply data mining methods to learn rules that can capture normal and intrusion activities from pre-processed audit data that contain network connection information. Put forward a method to improve the Apriori algorithm,whose I/O is quite surprising when scanning the database. To improve the method is feasible;the normal rules in the knowledge database in IDS are mined. And the experiment indicates that the model can produce new rules,which approve the validity and the feasibility of the IDS.

Xu Tao,Zhang Wei,Li XuHong,Wang Xia,Pan Wenwen

DOI: https://doi.org/10.2991/iccmcee-15.2015.244

2015-01-01

Abstract:The rapid development of the Internet makes distributed computing has become a mainstream application, network openness, connectivity, shared characteristics, so that the risk of suffering from the growing network intrusions. How to ensure the network and information security has become very important in the field of security issues. From the initial access control mechanisms to combine packet filtering and application layer gateway firewall technology, each is not the perfect solution. Intrusion detection is a network and information security architecture an important part of the intrusion detection system put forward higher requirements. Current greatest weakness of the face of live flowers audit records cannot be quickly mass intrusion detection and high false positive rate of serious impact on system performance. This paper proposes a new intrusion detection method, and on this basis, based on data mining developed based anomaly intrusion detection system prototype network.

Jiang Shan,Chen Changai

DOI: https://doi.org/10.2991/isrme-15.2015.109

2015-01-01

Abstract:The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. In this paper, we undertake the research on the principle techniques for network intrusion detection based on data mining and analysis approach. We adopt the prior knowledge on Bayesian network which is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. Then, we use the traditional risk assessment model to measure the possibility of being hearted. The numeric analysis and experimental illustration indicates the effectiveness of our method compared with other popular adopted state-of-the-art methodologies. In the future, we plan to introduce the graph and complex network theory into our prototype system to enhance the performance.

张博,李伟华,布日古德

DOI: https://doi.org/10.3969/j.issn.1671-654X.2004.04.038

2004-01-01

Abstract:For the developed of knowledge discover and other relative technology, the date mining has been a focus in these days. This technology is very effective on building in signature and models in the Intrusion Detection System (IDS). To deal with the lots of Intrusion, we build the signature database and signature association combing with the concept of the association rules of date mining and enhance the network security through audit.

Zichuan Jin,Yanpeng Cui,Zheng Yan

DOI: https://doi.org/10.1145/3341620.3341632

2019-01-01

Abstract:With the development of data mining learning algorithms, such as One-class SVM, Fuzzy Clustering, K-means, Apriori and so on, they are more and more widely used in the field of security log analysis. For example, the combination of time series algorithm and association algorithm can be used to mine frequent item sets in transaction databases, and then generate association rules to discover the intrinsic relationship of security logs and find out the potential attack patterns of hackers. The combination of dimensionality reduction algorithm and clustering algorithm can speed up the distinction between normal log data and abnormal log data, and improve the efficiency. This paper discusses the latest security log analysis methods based on different data mining algorithms at home and abroad, lists the contribution and role of each research method for security analysis, and compares the advantages and disadvantages of the combination of different data mining algorithms for security analysis. According to the current demand of network security research, this paper puts forward the improvement direction of combining data mining algorithm with security log in the future.

Zhi Yan Wang,Bei Zhan Wang,Yi Dong Wang

DOI: https://doi.org/10.4028/www.scientific.net/amr.989-994.4974

2014-01-01

Advanced Materials Research

Abstract:As the Internet is developing fast, network security issues are rising. Data mining technology is applied to the analysis and understanding data, revealing hidden data secret inside knowledge. Especially high dimensional data mining can be used in information security data analyze, making the study of high-dimensional data mining very important. In this paper, traditional data mining is introduced; the concept and core ideas of high dimensional data mining are described, as well as its applications in network security.

J Guan,Dx Liu,T Wang

DOI: https://doi.org/10.1007/978-3-540-24767-8_74

2004-01-01

Abstract:Two data mining methods (association rule mining and frequent episode mining) have been proved to fit to the intrusion detection problem. But the normal and the intrusions in computer networks are hard to predict as the boundaries between them cannot be well defined. This prediction process may generate false alarms in many anomaly based intrusion detection systems. This paper presented a method to realize that the false alarm rate in determining intrusive activities can be reduced with fuzzy logic. A set of fuzzy rules can be used to define the normal and abnormal behavior in a computer network, and fuzzy data mining algorithms can be applied over such rules to determine when an intrusion is in progress. In this paper, we have introduced modifications of these methods that mine fuzzy association rules and fuzzy frequent episodes and have described off-line methods that utilize these fuzzy methods for anomaly detection from audit data. We describe experiments that explore their applicability for intrusion detection. Experimental results indicate that fuzzy data mining can provide effective approximate anomaly detection.

Quan ZHOU,Feng-Ying ZHAO,Chong-Jun WANG,Shi-Fu CHEN

DOI: https://doi.org/10.3969/j.issn.1003-6059.2008.04.015

2008-01-01

Abstract:The solution based on multi-approaches of data mining involving k-means, C4.5, Naive Bayes, Bayes net and Co-training is proposed in order to deal with the major problems of intrusion detection dataset such as class balance, class overlapping, noise, distributions etc. The experiment results show its validity.

Yangbin Liu,Liang Shi,Beizhan Wang,Panhong Wang

2010-01-01

Abstract:Data mining based adaptive intrusion detection is a new direction of the modern intrusion detection research domain. This paper gives a comprehensive and profound introduction to some representative intrusion detection technologies based on data mining, analyzing the status quo of this research field as well as the existing problems, and then the future development of this kind of technologies is prospected.

Cai Wan

2003-01-01

Computer Science

Abstract:Intrusion Detection System (IDS) is an important network security technique. It can dynamic detect the network attack behaviors. At present, great issues for IDS are incapable of detecting the unknown malicious attack behaviors. So that, some new detection techniques are presented,data mining-based detection technique is an effective method in them. In this paper, data mining-based detection method and its key techniques are discussed in detail.

宋世杰,胡华平,胡笑蕾,金士尧

2003-01-01

Abstract:Data mining techniques can be applied to IDSs from many aspects. We can find out the advantage and disadvantage of data mining, and propose new ideas to improve and develop IDSs by reasonable classification. In this paper, we introduce some data mining algorithms application to IDS. Then we present a classification method of IDS based on data mining, and describe the process of each method. Finally we propose a IDS based on log mining and demonstrate its feasibility.

Jh Sun,H Jin,H Chen,Zf Han,Dq Zou

DOI: https://doi.org/10.1007/978-3-540-45080-1_91

2003-01-01

Abstract:Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusion effectively and accurately. However, the performance of IDS is not satisfying. In this paper, we study the issue of building a data mining based intrusion detection model to raise the detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns for intrusion and use the set of patterns to recognize intrusion. By applying statistics inference theory to this model, the patterns mined from a set of test data are effective to detect the attacks in the same category, and therefore can detect most novel attacks that are variants of known attacks.

杨向荣,宋擒豹,沈钧毅

DOI: https://doi.org/10.3321/j.issn:0253-987X.2002.02.016

2002-01-01

Abstract:An efficient method based on data mining is presented for detecting network intrusion. According to this method, user's behavior patterns are mined from IP packets, and used to build user's behavior rules base automatically. By comparing similarity, the new method can be used to detect known and unknown network attacks in real-time. The user's behavior patterns mining algorithm IDSPADE is described in detail, which is the most important part of DMIDS. The experimental results indicate that this algorithm is efficient enough to meet the needs of active detect novel intrusion. Compared with most existing systems by using the pure knowledge engineering approaches, the algorithm is more intelligent and adaptive.

覃爱明,胡昌振,谭惠民

DOI: https://doi.org/10.3969/j.issn.1009-6094.2001.01.007

2001-01-01

Applied Mechanics and Materials

Abstract:With the developement of network technology and network connection scales, network security has already been an important research task. In this regard it is imperative to detect those unseen system attacks in an automated monitoring environment. As a new kind of network security technology, network intrusion detection seeks to detect attacks in an organization's security policy quite simply. However, existing intrusion detection systems rely heavily on human analysts to differentiate intrusive from non-intrusive network traffic. For such purpose machine learning techniques are used to provide decision aids for the analysts and automatically generate rules for computer network intrusion detection. Machine learning can be viewed as the attempt to build computer programs that improve performance of some task though learning and experience. This investigation goes back to the middle of 1990's. The present review gives a brief introduction to 6 kinds of machine learning approaches for network intrusion detection system, namely, Data Mining, Neural Networks, Genetic Algorithms, Decision Trees, Rough Sets and Immune System-Based Approach. Their principles and learning processes are presented in details. On the basis of the introduction , the respective advantages and disadvantages are commented. In the end, the developing directions of machine learning techniques are addressed according to the application requirements of network intrusion detection system.

宋世杰,胡华平,胡笑蕾,金士尧

2003-01-01

Abstract:The key issue of anomaly NIDS is building normal patterns, comparing current system or user behaviors with history behaviors, and then detecting intrusion. We introduced some data mining algorithms, presentd a classification method of IDS based on data mining, and described the process of data mining application in anomaly NIDS from network layer and application layer. We proposed three methods of pattern comparison in detail, and verified that the obtained normal audit data is enough for network layer anomaly NIDS.'

Lei Zhang,Jianqing Zhang,Yong Chen,Shaowen Liao

DOI: https://doi.org/10.1109/icicta.2018.00074

2018-01-01

Abstract:In this paper, a hybrid intrusion detection model based on data mining, which is commonly used in network security anomaly detection, is proposed that combines anomaly detection with misuse detection technology. Two test stages were formed and applied to the instrusion detection system in the process of large-scale network traffic detection. On the basis of improving the detection ability of the massive information detection system, the security of the data source of the intrusion detection system was ensured.