
ADMIT: anomaly-based data mining for intrusions

Published: 23 July 2002

Abstract

    Security of computer systems is essential to their acceptance and utility. Computer security analysts use intrusion detection systems to assist them in maintaining computer system security. This paper deals with the problem of differentiating between masqueraders and the true user of a computer terminal. Prior efficient solutions are less suited to real-time application, often require all training data to be labeled, and do not inherently provide an intuitive idea of what the data model means. Our system, called ADMIT, relaxes these constraints by creating user profiles using semi-incremental techniques. It is a real-time intrusion detection system with host-based data collection and processing. Our method also suggests ideas for dealing with concept drift and affords a detection rate as high as 80.3% and a false positive rate as low as 15.3%.


    Published In

    KDD '02: Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
    July 2002
    719 pages
    ISBN:158113567X
    DOI:10.1145/775047
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Acceptance Rates

    KDD '02 paper acceptance rate: 44 of 307 submissions (14%)
    Overall acceptance rate: 1,133 of 8,635 submissions (13%)
