Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

吕志军,袁卫忠,仲海骏,黄皓,曾庆凯,谢立

DOI: https://doi.org/10.3969/j.issn.1002-137x.2004.10.015

2004-01-01

Computer Science

Abstract:Intrusion detection system(IDS)must be capable of detecting new and unknown attacks. In this paper, we propose an Anomaly Detection System based on Data Mining(ADESDM). Firstly, ADESDM mine suspicious behaviors in the protocol header, ports and application data with strong association rules and weak association rules; then, it sends the suspicious behaviors to the Deciding Module based on Bayesian Belief Net (DMBBN). In real network communications, the attributes, such as time, direction, ports and IP addresses, are influencing each other. The DMBBN illustrates the conditional probabilities and relationship among the above attributes, and uses them to determine whether the suspicious behaviors are normal ones or attacks. Thus, system can reduce the false alarm rate.

宋世杰,胡华平,胡笑蕾,金士尧

DOI: https://doi.org/10.3969/j.issn.1673-825X.2004.01.005

2004-01-01

Abstract:Misuse of NIDS based on data mining shows more advantages than traditional NIDS. Data mining is a process of finding rules automatically, and it can automatic only construct features and improve accuracy and offer a possibility for detecting unknown intrusions. This paper introduces some data mining algorisms, and presents a classification method of IDS based on data mining,and finally completes the process of data mining application to misuse NIDS from network layer and application layer.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

杨建华,蒋玉明,彭轮

DOI: https://doi.org/10.3969/j.issn.1008-0570.2009.24.011

2009-01-01

Abstract:In this paper an intrusion detection system based on data mining is proposed,and its main idea is to apply data mining methods to learn rules that can capture normal and intrusion activities from pre-processed audit data that contain network connection information. Put forward a method to improve the Apriori algorithm,whose I/O is quite surprising when scanning the database. To improve the method is feasible;the normal rules in the knowledge database in IDS are mined. And the experiment indicates that the model can produce new rules,which approve the validity and the feasibility of the IDS.

Hu Zhengbing,Li Zhitang,Wu Junqi

DOI: https://doi.org/10.1109/wkdd.2008.48

2008-01-01

Abstract:Network security has been a very important issue, since the rising evolution of the Internet. There has been an increasing need for security systems against the external attacks from the hackers. One important type is the Intrusion Detection System (IDS). There are two major categories of the analysis techniques of IDS: the anomaly detection and the misuse detection. Here we forcus on misuse detection, the misuse detection collected the attack signatures in a database as the same as virus protection software to detect the relate attacks. we propose an algorithm to use the known signature to find the signature of the related attack quickly.

宋世杰,胡华平,胡笑蕾,金士尧

2003-01-01

Abstract:Data mining techniques can be applied to IDSs from many aspects. We can find out the advantage and disadvantage of data mining, and propose new ideas to improve and develop IDSs by reasonable classification. In this paper, we introduce some data mining algorithms application to IDS. Then we present a classification method of IDS based on data mining, and describe the process of each method. Finally we propose a IDS based on log mining and demonstrate its feasibility.

Xiejun Ni,Daojing He,Farooq Ahmad

DOI: https://doi.org/10.21015/vtse.v9i2.403

2016-01-01

VFAST Transactions on Software Engineering

Abstract:Revised July 2015 ABSTRACT. Network anomaly detection is an effective way to detect intrusions which defends our computer systems or network from attackers on the Internet. In this paper, we introduce the current research works in network anomaly detection and consider several pratical solutions for this issue. Different from signature-based method, data mining techniques can automatically extract normal pattern from a large set of network data and distinguish them from each other. However, those data mining techniques, such as classification, clustering, association rules and feature selection, can not be applied into this problem directly due to the characteristic of network data and technique themselves. We analyze those unfitness and propose some adaptation to detect anomaly timely and accurately.

胡亮,金刚,于漫,任斐,任维武

DOI: https://doi.org/10.3321/j.issn:1671-5489.2009.06.032

2009-01-01

Abstract:The authors provided a comprehensive survey of anomaly detection systems used in the recent years.Intrusion detection was divided into 3 kinds based on technologies used.They are statistical anomaly detection,machine learning based anomaly detection and data mining based anomaly detection.The authors described the various features of anomaly detection technologies in details,represented the algorithms used in the current Anomaly Intrusion Detection Systems,the implements of the algorithms,and also compared the effects of various detection algorithms through the experiment.

Chuan-chuan Li,Yan-heng Liu,Da-xin Tian

DOI: https://doi.org/10.3969/j.issn.1671-5497.2007.01.024

2007-01-01

Abstract:The paper applies data mining technology to network intrusion detection system (NIDS) according to the characteristics of NIDS. The design principles and the implementation of the NIDS are illustrated. The main attribute and interest measure are introduced to improve the (GSP) algorithm, which is then applied in the data mining module of the system. The results of experiments show that the precision and performance of the NIDS are improved by the optimized algorithm.

杨向荣,宋擒豹,沈钧毅

DOI: https://doi.org/10.3321/j.issn:0253-987X.2002.02.016

2002-01-01

Abstract:An efficient method based on data mining is presented for detecting network intrusion. According to this method, user's behavior patterns are mined from IP packets, and used to build user's behavior rules base automatically. By comparing similarity, the new method can be used to detect known and unknown network attacks in real-time. The user's behavior patterns mining algorithm IDSPADE is described in detail, which is the most important part of DMIDS. The experimental results indicate that this algorithm is efficient enough to meet the needs of active detect novel intrusion. Compared with most existing systems by using the pure knowledge engineering approaches, the algorithm is more intelligent and adaptive.

宋世杰,胡华平,胡笑蕾,金士尧

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.16.049

2004-01-01

Abstract:This paper completes the process of mining association rules and sequence patterns from network audit data, selecties and constructies temporary statistic features, and builds misuse NIDS model with RIPPER classification.

Lei Zhang,Jianqing Zhang,Yong Chen,Shaowen Liao

DOI: https://doi.org/10.1109/icicta.2018.00074

2018-01-01

Abstract:In this paper, a hybrid intrusion detection model based on data mining, which is commonly used in network security anomaly detection, is proposed that combines anomaly detection with misuse detection technology. Two test stages were formed and applied to the instrusion detection system in the process of large-scale network traffic detection. On the basis of improving the detection ability of the massive information detection system, the security of the data source of the intrusion detection system was ensured.

ZHANG Jin-rong,LIU Feng,ZHAO Zhi-hong,LUO Bin

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.24.052

2009-01-01

Abstract:There are many problems such as poor adaptability,limited extensibility and experts hand-coding in traditional intrusion detection systems.Data mining-based intrusion detection techniques can extract knowledge and patterns of abnormal intrusions and normal user profiles from training data automatically,hence resolving the problems of tradition IDS properly.Main applications of data mining to network intrusion detection are surveied,i.e.clustering analysis,classification analysis,association rule analysis and sequential patterns analysis.Basic principles of each as well as latest research and improvements.At last,a summary of existing problems and future research directions is given.

ZHAO Yu-ming,ZHANG Wei,teng SH

2007-01-01

Abstract:The technique of intrusion detection has become a focus in the field ofnetwork security. This paper introduced the categories of intrusion detection and the methods of data mining applied in abnormal detection. It also described the design and implementation of the abnormal IDS based on system call and data mining algorithms.

Sun Jian-hua,Jin Hai,Chen Hao,Han Zong-fen

DOI: https://doi.org/10.1007/bf02828629

2005-01-01

Abstract:Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MA-IDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detection system (AIDS) are combined. Data mining is applied to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network-based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architecture of the MA-IDS system, and discuss specific design and implementation issue.

Jh Sun,H Jin,H Chen,Zf Han,Dq Zou

DOI: https://doi.org/10.1007/978-3-540-45080-1_91

2003-01-01

Abstract:Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusion effectively and accurately. However, the performance of IDS is not satisfying. In this paper, we study the issue of building a data mining based intrusion detection model to raise the detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns for intrusion and use the set of patterns to recognize intrusion. By applying statistics inference theory to this model, the patterns mined from a set of test data are effective to detect the attacks in the same category, and therefore can detect most novel attacks that are variants of known attacks.

Jianhua Sun,Hai Jin,Hao Chen,Zong F. Man

2005-01-01

Wuhan University Journal of Natural Sciences

Abstract:Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MA-IDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detection system (AIDS) are combined. Data mining is applied to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network-based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architecture of the MA-IDS system, and discuss specific design and implementation issue.

郭泓,曹元大

DOI: https://doi.org/10.3969/j.issn.1001-0645.2003.02.020

2003-01-01

Journal of Beijing Institute of Technology

Abstract:Data mining techniques are used to deal with the huge mount of information of log audit data and detect the network intrusion patterns. The key idea is to discover the useful patterns that describe user behavior by utilizing two general mining algorithms: the association rules algorithm and the frequent episodes algorithm. They can be used to compute the intra audit and inter audit record patterns. To meet the challenges of high speed and efficient mining, we amend the algorithms to reach a good balance between the time and space by using a bit vector indicating the frequent item.

Cai Wan

2003-01-01

Computer Science

Abstract:Intrusion Detection System (IDS) is an important network security technique. It can dynamic detect the network attack behaviors. At present, great issues for IDS are incapable of detecting the unknown malicious attack behaviors. So that, some new detection techniques are presented,data mining-based detection technique is an effective method in them. In this paper, data mining-based detection method and its key techniques are discussed in detail.