Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

Yinzheng Zhong,John Y. Goulermas,Alexei Lisitsa

DOI: https://doi.org/10.48550/arXiv.2205.12064

2022-05-24

Abstract:In this paper, we consider the applications of process mining in intrusion detection. We propose a novel process mining inspired algorithm to be used to preprocess data in intrusion detection systems (IDS). The algorithm is designed to process the network packet data and it works well in online mode for online intrusion detection. To test our algorithm, we used the CSE-CIC-IDS2018 dataset which contains several common attacks. The packet data was preprocessed with this algorithm and then fed into the detectors. We report on the experiments using the algorithm with different machine learning (ML) models as classifiers to verify that our algorithm works as expected; we tested the performance on anomaly detection methods as well and reported on the existing preprocessing tool CICFlowMeter for the comparison of performance.

Cryptography and Security

Fadi Salo,MohammadNoor Injadat,Ali Bou Nassif,Aleksander Essex

DOI: https://doi.org/10.48550/arXiv.2005.12267

2020-05-24

Abstract:Cloud computing has become a powerful and indispensable technology for complex, high performance and scalable computation. The exponential expansion in the deployment of cloud technology has produced a massive amount of data from a variety of applications, resources and platforms. In turn, the rapid rate and volume of data creation has begun to pose significant challenges for data management and security. The design and deployment of intrusion detection systems (IDS) in the big data setting has, therefore, become a topic of importance. In this paper, we conduct a systematic literature review (SLR) of data mining techniques (DMT) used in IDS-based solutions through the period 2013-2018. We employed criterion-based, purposive sampling identifying 32 articles, which constitute the primary source of the present survey. After a careful investigation of these articles, we identified 17 separate DMTs deployed in an IDS context. This paper also presents the merits and disadvantages of the various works of current research that implemented DMTs and distributed streaming frameworks (DSF) to detect and/or prevent malicious attacks in a big data environment.

Cryptography and Security,Artificial Intelligence,Machine Learning

Borja Molina-Coronado,Usue Mori,Alexander Mendiburu,José Miguel-Alonso

DOI: https://doi.org/10.1109/TNSM.2020.3016246

2020-01-27

Abstract:The identification of cyberattacks which target information and communication systems has been a focus of the research community for years. Network intrusion detection is a complex problem which presents a diverse number of challenges. Many attacks currently remain undetected, while newer ones emerge due to the proliferation of connected devices and the evolution of communication technology. In this survey, we review the methods that have been applied to network data with the purpose of developing an intrusion detector, but contrary to previous reviews in the area, we analyze them from the perspective of the Knowledge Discovery in Databases (KDD) process. As such, we discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods. In addition, we also present the characteristics and motivations behind the use of each of these techniques and propose more adequate and up-to-date taxonomies and definitions for intrusion detectors based on the terminology used in the area of data mining and KDD. Special importance is given to the evaluation procedures followed to assess the different detectors, discussing their applicability in current real networks. Finally, as a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

杨建华,蒋玉明,彭轮

DOI: https://doi.org/10.3969/j.issn.1008-0570.2009.24.011

2009-01-01

Abstract:In this paper an intrusion detection system based on data mining is proposed,and its main idea is to apply data mining methods to learn rules that can capture normal and intrusion activities from pre-processed audit data that contain network connection information. Put forward a method to improve the Apriori algorithm,whose I/O is quite surprising when scanning the database. To improve the method is feasible;the normal rules in the knowledge database in IDS are mined. And the experiment indicates that the model can produce new rules,which approve the validity and the feasibility of the IDS.

ZHANG Jin-rong,LIU Feng,ZHAO Zhi-hong,LUO Bin

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.24.052

2009-01-01

Abstract:There are many problems such as poor adaptability,limited extensibility and experts hand-coding in traditional intrusion detection systems.Data mining-based intrusion detection techniques can extract knowledge and patterns of abnormal intrusions and normal user profiles from training data automatically,hence resolving the problems of tradition IDS properly.Main applications of data mining to network intrusion detection are surveied,i.e.clustering analysis,classification analysis,association rule analysis and sequential patterns analysis.Basic principles of each as well as latest research and improvements.At last,a summary of existing problems and future research directions is given.

Theuns Verwoerd,Ray Hunt

DOI: https://doi.org/10.1016/s0140-3664(02)00037-3

IF: 5.047

2002-09-01

Computer Communications

Abstract:Recent security incidents and analysis have demonstrated that manual response to such attacks is no longer feasible. Intrusion detection systems (IDS) offer techniques for modelling and recognising normal and abusive system behaviour. Such methodologies include statistical models, immune system approaches, protocol verification, file and taint checking, neural networks, whitelisting, expression matching, state transition analysis, dedicated languages, genetic algorithms and burglar alarms. This paper describes these techniques including an IDS architectural outline and an analysis of IDS probe techniques finishing with a summary of associated technologies.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bianka Bakullari,Wil M.P. van der Aalst

2024-05-23

Abstract:Process mining traditionally relies on input consisting of low-level events that capture individual activities, such as filling out a form or processing a product. However, many of the complex problems inherent in processes, such as bottlenecks and compliance issues, extend beyond the scope of individual events and process instances. Consider congestion, for instance, it can involve and impact numerous cases, much like how a traffic jam affects many cars simultaneously. High-level event mining seeks to address such phenomena using the regular event data available. This report offers an extensive and comprehensive overview at existing work and challenges encountered when lifting the perspective from individual events and cases to system-level events.

Databases

Wu Liu,wang jianping,Hai-Xin Duan,Xing Li

DOI: https://doi.org/10.1007/11538059_45

2005-01-01

Abstract:In this paper, we aim to develop a systematic framework to semi-automate the process of system logs and databases of intrusion detection systems (IDS). We use both Ef-attribute based mining and Es-attribute based mining to mine effective and essential attributes (hence interesting patterns) from the vast and miscellaneous system logs and IDS databases.

Jiang Shan,Chen Changai

DOI: https://doi.org/10.2991/isrme-15.2015.109

2015-01-01

Abstract:The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. In this paper, we undertake the research on the principle techniques for network intrusion detection based on data mining and analysis approach. We adopt the prior knowledge on Bayesian network which is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. Then, we use the traditional risk assessment model to measure the possibility of being hearted. The numeric analysis and experimental illustration indicates the effectiveness of our method compared with other popular adopted state-of-the-art methodologies. In the future, we plan to introduce the graph and complex network theory into our prototype system to enhance the performance.

Schuartz, Fábio César

DOI: https://doi.org/10.1007/s12243-024-01046-0

2024-06-09

Annals of Telecommunications

Abstract:With the growth of computer networks worldwide, there has been a greater need to protect local networks from malicious data that travel over the network. The increase in volume, speed, and variety of data requires a more robust, accurate intrusion detection system capable of analyzing a huge amount of data. This work proposes the creation of an intrusion detection system using stream classifiers and three classification layers—with and without a reduction in the number of features of the records and three classifiers in parallel with a voting system. The results obtained by the proposed system are compared against other models proposed in the literature, using two datasets to validate the proposed system. In all cases, gains in accuracy of up to 18.52% and 3.55% were obtained, using the datasets NSL-KDD and CICIDS2017, respectively. Reductions in classification time up to 35.51% and 94.90% were also obtained using the NSL-KDD and CICIDS2017 datasets, respectively.

telecommunications

Maruthi Rohit Ayyagari,Nishtha Kesswani,Munish Kumar,Krishan Kumar

DOI: https://doi.org/10.1007/s11276-020-02529-3

IF: 2.701

2021-01-02

Wireless Networks

Abstract:The entire world relates to some network capabilities in some way or the other. The data transmission on the network is getting more straightforward and quicker. An intrusion detection system helps distinguish unauthorized activities or intrusions that may settle the confidentiality, integrity, or availability of a resource. Nowadays, almost all institutions are using network-related facilities like schools, banks, offices, etc. Social media has become so popular that nearly every individual belongs to a new nation called 'Netizen.' Several approaches have been implemented to incorporate security features in network-related issues. However, vulnerable attacks are continuous, so intrusion detection systems have been proposed to secure computer systems and networks. Network security is a piece of the most fundamental issues in Computer Network Management. Moreover, an intrusion is considered to be the most revealed dangers to security. With the evolution of the networks, intrusion detection has emerged as a crucial field in networks' security. The main aim of this article is to deliver a systematic review of intrusion detection approaches and systems that are used in various network environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Simon D. Duque Anton,Anna Pia Lohfink,Christoph Garth,Hans Dieter Schotten

DOI: https://doi.org/10.1145/3360664.3360669

2019-09-09

Abstract:Due to the fourth industrial revolution, industrial applications make use of the progress in communication and embedded devices. This allows industrial users to increase efficiency and manageability while reducing cost and effort. Furthermore, the fourth industrial revolution, creating the so-called Industry 4.0, opens a variety of novel use and business cases in the industrial environment. However, this progress comes at the cost of an enlarged attack surface of industrial companies. Operational networks that have previously been phyiscally separated from public networks are now connected in order to make use of new communication capabilites. This motivates the need for industrial intrusion detection solutions that are compatible to the long-term operation machines in industry as well as the heterogeneous and fast-changing networks. In this work, process data is analysed. The data is created and monitored on real-world hardware. After a set up phase, attacks are introduced into the systems that influence the process behaviour. A time series-based anomaly detection approach, the Matrix Profiles, are adapted to the specific needs and applied to the intrusion detection. The results indicate an applicability of these methods to detect attacks in the process behaviour. Furthermore, they are easily integrated into existing process environments. Additionally, one-class classifiers One-Class Support Vector Machines and Isolation Forest are applied to the data without a notion of timing. While Matrix Profiles perform well in terms of creating and visualising results, the one-class classifiers perform poorly.

Cryptography and Security

Gunupudi RajeshKumar,N Mangathayaru,G Narsimha

DOI: https://doi.org/10.48550/arXiv.1603.03837

2016-03-12

Cryptography and Security

Abstract:Intrusion Detection is one of major threats for organization. The approach of intrusion detection using text processing has been one of research interests which is gaining significant importance from researchers. In text mining based approach for intrusion detection, system calls serve as source for mining and predicting possibility of intrusion or attack. When an application runs, there might be several system calls which are initiated in the background. These system calls form the strong basis and the deciding factor for intrusion detection. In this paper, we mainly discuss the approach for intrusion detection by designing a distance measure which is designed by taking into consideration the conventional Gaussian function and modified to suit the need for similarity function. A Framework for intrusion detection is also discussed as part of this research.

Keturahlee Coulibaly

DOI: https://doi.org/10.48550/arXiv.2004.08967

2020-04-20

Abstract:Cyber threats are increasing not only in their volume but also in their sophistication and difficulty to detect. Attacks have become a national/global threat as they have targeted private and public, as well as government sectors over the years. This is a growing issue and organisations are taking steps to reduce, detect and prevent threats. To do this they need to use systems that are equipped with the capabilities to do either of those steps and develop them for the type of networks they use, for instance wired or wireless. One of these systems are Intrusion Detection Systems (IDS), which can be used as the first defence mechanism or a secondary defence mechanism of a threat or an attack. There are different types of attacks that can occur in a network, such as Denial of service (DoS)/Distributed Denial of Service (DDoS), port scanning, malware or ransomware and so forth that IDSs have a capability of detecting. Assisting in the mitigation of such attacks, there are also Intrusion Prevention Systems (IPS) whose role has a different purpose than that of IDSs. Unlike IDSs they not only detect threats but prevent them from disrupting the network, IPSs can be used in conjunction with IDSs to double the defences. This paper provides an overview of IDS and their classifications and IPS. It will detail typical benefits and limitations to using IDSs, IPSs and the hybrids (such as Intrusions Detection Prevention Systems (IDPSs and more)) which will be discussed further. It will also outline developments in the making using ML and how it is used to improve these systems and the dilemmas they produce and possible ways to counter act them.

Cryptography and Security

Wu Liu,Jian-Ping Wu,Hai-Xin Duan,Xing Li

DOI: https://doi.org/10.1007/11540007_96

2006-01-01

Abstract:In this paper, we apply data mining techniques to construct intrusion detection patterns. We mine both system audit data and network traffic data for consistent and useful patterns of program and user behavior, and use an iterative low-frequency-finder mining algorithm to find the low frequency but important patterns.

Kiarash Diba,Kimon Batoulis,Matthias Weidlich,Mathias Weske

DOI: https://doi.org/10.1002/widm.1346

2019-12-20

WIREs Data Mining and Knowledge Discovery

Abstract:<p>Process mining provides a rich set of techniques to discover valuable knowledge of business processes based on data that was recorded in different types of information systems. It enables analysis of end‐to‐end processes to facilitate process re‐engineering and process improvement. Process mining techniques rely on the availability of data in the form of event logs. In order to enable process mining in diverse environments, the recorded data need to be located and transformed to event logs. The journey from raw data to event logs suitable for process mining can be addressed by a variety of methods and techniques, which are the focus of this article. In particular, techniques proposed in the literature to support the creation of event logs from raw data are reviewed and classified. This includes techniques for identification and extraction of the required event data from diverse sources as well as their correlation and abstraction.</p><p>This article is categorized under: </p><ul class="plain-list"><li>Technologies &gt; Structure Discovery and Clustering</li><li>Fundamental Concepts of Data and Knowledge &gt; Data Concepts</li><li>Technologies &gt; Data Preprocessing</li></ul>

Ali Norouzifar,Marcus Dees,Wil van der Aalst

2024-08-30

Abstract:Process discovery aims to discover descriptive process models from event logs. These discovered process models depict the actual execution of a process and serve as a foundational element for conformance checking, performance analyses, and many other applications. While most of the current process discovery algorithms primarily rely on a single event log for model discovery, additional sources of information, such as process documentation and domain experts' knowledge, remain untapped. This valuable information is often overlooked in traditional process discovery approaches. In this paper, we propose a discovery technique incorporating such knowledge in a novel inductive mining approach. This method takes a set of user-defined or discovered rules as input and utilizes them to discover enhanced process models. Our proposed framework has been implemented and tested using several publicly available real-life event logs. Furthermore, to showcase the framework's effectiveness in a practical setting, we conducted a case study in collaboration with UWV, the Dutch employee insurance agency.

Formal Languages and Automata Theory

Liu Hua Yeo,Xiangdong Che,Shalini Lakkaraju

DOI: https://doi.org/10.48550/arXiv.1708.07174

2017-08-23

Cryptography and Security

Abstract:Intrusion detection systems (IDS) help detect unauthorized activities or intrusions that may compromise the confidentiality, integrity or availability of a resource. This paper presents a general overview of IDSs, the way they are classified, and the different algorithms used to detect anomalous activities. It attempts to compare the various methods of intrusion techniques. It also describes the various approaches and the importance of IDSs in information security.