Adaptive Intrusion Detection: A Data Mining Approach

Published: 01 December 2000

Abstract

In this paper we describe a data mining framework for constructing intrusion detection models. The first key idea is to mine system audit data for consistent and useful patterns of program and user behavior. The other is to use the set of relevant system features presented in the patterns to compute inductively learned classifiers that can recognize anomalies and known intrusions. In order for the classifiers to be effective intrusion detection models, we need to have sufficient audit data for training and also select a set of predictive system features. We propose to use the association rules and frequent episodes computed from audit data as the basis for guiding the audit data gathering and feature selection processes. We modify these two basic algorithms to use axis attribute(s) and reference attribute(s) as forms of item constraints to compute only the relevant patterns. In addition, we use an iterative level-wise approximate mining procedure to uncover the low frequency but important patterns. We use meta-learning as a mechanism to make intrusion detection models more effective and adaptive. We report our extensive experiments in using our framework on real-world audit data.
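The abstract outlines a three-stage pipeline: mine audit records for frequent patterns under axis- and reference-attribute constraints, use the attributes that appear in those patterns to construct temporal-statistical features, and induce a classifier from the resulting feature vectors. The following Python is an added illustration written for this page, not the paper's code. It simplifies the literature's algorithms (episodes are limited to length two, support is counted per record-started window rather than by minimal occurrences, and the learner is a one-rule stump standing in for RIPPER-style induction); the connection records, the 2-second window and the feature names `count` and `s0_rate` are constructed for the example.

```python
"""Added illustration of the abstract's pipeline (not the paper's code):
constructed connection records -> frequent serial episodes under an axis
attribute (service) and a reference attribute (dst_host) -> temporal
features suggested by the pattern -> a one-rule classifier."""
from collections import Counter


def make_records():
    """Constructed audit records: (time_s, service, flag, dst_host, label).
    Twelve normal connections 1 s apart to three hosts, then a burst of eight
    half-open (flag S0) http connections to one victim, 0.2 s apart."""
    recs = []
    for i in range(12):
        recs.append((float(i), "http" if i % 2 == 0 else "smtp", "SF",
                     "10.0.0.%d" % (1 + i % 3), "normal"))
    for i in range(8):
        recs.append((12.0 + 0.2 * i, "http", "S0", "10.0.0.9", "attack"))
    return sorted(recs, key=lambda r: r[0])


def frequent_episodes(recs, window, min_support, axis=1, flag=2, ref=3):
    """Serial episodes of length two: event A followed by event B within
    `window` seconds.  Axis constraint: every event is keyed by its axis
    attribute (service) plus flag, so no pattern without a service is formed.
    Reference constraint: both events must share dst_host.  Support is the
    fraction of windows (one starting at each record) containing the episode,
    a simplification of minimal-occurrence counting."""
    support = Counter()
    for i, a in enumerate(recs):
        seen = set()
        for b in recs[i + 1:]:
            if b[0] - a[0] > window:
                break          # records are time-sorted, so stop here
            if b[ref] != a[ref]:
                continue       # reference attribute differs: not an episode
            seen.add(((a[axis], a[flag]), (b[axis], b[flag])))
        for ep in seen:
            support[ep] += 1
    n = len(recs)
    return {ep: c / n for ep, c in support.items() if c / n >= min_support}


FEATURE_NAMES = ("count", "s0_rate")


def construct_features(recs, window, ref=3, flag=2):
    """Per-record features of the kind an episode over (dst_host, flag)
    suggests: number of connections to the same dst_host in the preceding
    `window` seconds (including this one) and the fraction with flag S0."""
    feats = []
    for i, r in enumerate(recs):
        same = [s for s in recs[:i + 1]
                if s[ref] == r[ref] and r[0] - s[0] <= window]
        count = len(same)
        s0_rate = sum(1 for s in same if s[flag] == "S0") / count
        feats.append((count, s0_rate))
    return feats


def induce_rule(feats, labels):
    """One-rule induction: choose the (feature, threshold) whose rule
    'attack if feature >= threshold' has the highest training accuracy.
    Returns (accuracy, feature_name, threshold)."""
    best = None
    for f, name in enumerate(FEATURE_NAMES):
        for thr in sorted({x[f] for x in feats}):
            correct = sum((x[f] >= thr) == (y == "attack")
                          for x, y in zip(feats, labels))
            acc = correct / len(labels)
            if best is None or acc > best[0]:
                best = (acc, name, thr)
    return best


def classify(rule, feat):
    _, name, thr = rule
    return "attack" if feat[FEATURE_NAMES.index(name)] >= thr else "normal"


if __name__ == "__main__":
    recs = make_records()
    print(frequent_episodes(recs, window=2.0, min_support=0.3))
    feats = construct_features(recs, window=2.0)
    rule = induce_rule(feats, [r[4] for r in recs])
    print(rule)
    print([classify(rule, x) for x in feats])
```

On this constructed data the only episode clearing the support threshold is an S0 http connection followed by another S0 http connection to the same host; the attributes in that pattern (dst_host, flag) are what justify computing `count` and `s0_rate` per record, and the induced rule then separates the burst from the normal traffic. In practice the mined patterns, not a hand-picked pair, would drive which features are built, and the learner would be run on far larger labelled audit sets.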


Published In

Artificial Intelligence Review  Volume 14, Issue 6
Issues on the application of data mining
December 1, 2000
202 pages
ISSN:0269-2821

Publisher

Kluwer Academic Publishers

United States


Author Tags

  1. association rules
  2. audit data
  3. classification
  4. feature construction
  5. frequent episodes
  6. intrusion detection

Cited By

  • (2024) Adaptive Intrusion Detection System Using Deep Learning for Network Security. Proceedings of the Cognitive Models and Artificial Intelligence Conference, pp. 279-284. doi:10.1145/3660853.3660928. Online publication date: 25-May-2024.
  • (2023) From Data Governance by design to Data Governance as a Service: A transformative human-centric data governance framework. Proceedings of the 2023 7th International Conference on Cloud and Big Data Computing, pp. 10-20. doi:10.1145/3616131.3616145. Online publication date: 17-Aug-2023.
  • (2022) Improvements of bat algorithm for optimal feature selection. Intelligent Data Analysis 26(1): 5-31. doi:10.3233/IDA-205455. Online publication date: 1-Jan-2022.
  • (2022) Bridging the Last-Mile Gap in Network Security via Generating Intrusion-Specific Detection Patterns through Machine Learning. Security and Communication Networks, vol. 2022. doi:10.1155/2022/3990386. Online publication date: 1-Jan-2022.
  • (2021) Towards a Scalable and Adaptive Learning Approach for Network Intrusion Detection. Journal of Computer Networks and Communications, vol. 2021. doi:10.1155/2021/8845540. Online publication date: 19-Jan-2021.
  • (2021) A novel DBN-LSSVM ensemble method for intrusion detection system. Proceedings of the 2021 9th International Conference on Communications and Broadband Networking, pp. 101-107. doi:10.1145/3456415.3456431. Online publication date: 25-Feb-2021.
  • (2020) AI-based Security for the Smart Networks. 13th International Conference on Security of Information and Networks, pp. 1-4. doi:10.1145/3433174.3433593. Online publication date: 4-Nov-2020.
  • (2020) MLEsIDSs: machine learning-based ensembles for intrusion detection systems—a review. The Journal of Supercomputing 76(11): 8938-8971. doi:10.1007/s11227-020-03196-z. Online publication date: 1-Nov-2020.
  • (2020) A review of unsupervised feature selection methods. Artificial Intelligence Review 53(2): 907-948. doi:10.1007/s10462-019-09682-y. Online publication date: 1-Feb-2020.
  • (2019) A Survey of Parallel Sequential Pattern Mining. ACM Transactions on Knowledge Discovery from Data 13(3): 1-34. doi:10.1145/3314107. Online publication date: 7-Jun-2019.