Article

Bootstrapping a data mining intrusion detection system

Authors:

Daniel Barbará,

Yi Li,

Julia Couto,

Jia-Ling Lin,

Sushil JajodiaAuthors Info & Claims

SAC '03: Proceedings of the 2003 ACM symposium on Applied computing

Pages 421 - 425

https://doi.org/10.1145/952532.952616

Published: 09 March 2003 Publication History

Get Access

Abstract

The application of data mining techniques in intrusion detection has received a lot of attention lately. Most of the approaches require of a training phase based on the availability of labelled data, where the labels indicate whether the points correspond to normal events or attacks. Unfortunately, this labelled data is not readily available in practice. In this paper we present a novel method based in intersecting segments of unlabelled data and using the intersection as the base data for unsupervised learning (clustering). The clustering algorithm, along with a method to find outliers with respect to the base clusters form the basis for separation of unlabelled data into groups of points that are normal (attack-free) and points that correspond to attacks. We show that the technique is very sucessful in separating points of the data sets of the DARPA, Lincoln Labs evaluation of 1999.

References

[1]

Ramesh Agarwal and Mahesh Joshi. Pnrule: A new framework for learning classifier models in data mining (a case study in network intrusion). In Proceedings of the 1st SIAM Conference on Data Mining, April 2000.]]

Google Scholar

[2]

R. Agrawal, T. Imielinski, and A. Swami. Mining association rules between sets of items in large databases. In Proc. of the ACM SIGMOD Conference on Management of Data, Washington D.C., may 1993.]]

Digital Library

Google Scholar

[3]

D. Barbará, J. Couto, and Y. Li. Coolcat: An entropy-based algorithm for categorical clustering. In Proceedings of the 11th ACM Conference on Information and Knowledge Management ACM Conference on Information and Knowledge Management (CIKM), McLean, VA, November 2002.]]

Digital Library

Google Scholar

[4]

D. Barbará and S. Jajodia, editors. Applications of Data Mining in Computer Security. Kluwer Academics, 2002.]]

Digital Library

Google Scholar

[5]

D. Barbará, N. Wu, and S. Jajodia. Detecting novel network intrusions using bayes estimators. In 1st SIAM International Conference on Data Mining, Chicago, IL, April 2001.]]

Crossref

Google Scholar

[6]

Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, and Sal Stolfo. A Geometric framework for unsupervised anomaly detection. In Daniel Barbará and Sushil Jajodia, editors, Applications of Data Mining in Computer Security. Kluwer Academics, 2002.]]

Crossref

Google Scholar

[7]

S. Hettich(librarian). UCI KDD Archive. http://kdd.ics.uci.edu/.]]

Google Scholar

[8]

Wenke Lee and Dong Xiang. Information-Theoretic Measures for Anomaly Detection. In Proceedings of The 2001 IEEE Symposium on Security and Privacy, Oakland, CA, May 2001.]]

Digital Library

Google Scholar

[9]

P. Neumann and P. Porras. Experience with emerald to date. In 1st USENIX Workshop on Instrusion Detection and Network Monitoring, pages 73--80, Santa Clara, California, 1999.]]

Digital Library

Google Scholar

[10]

P. Porras and P. G. Neumann. Emerald: Event monitoring enabling responses to anomalous live disturbances. In the 19th National Information Systems Security Conference, pages 353--365, Baltimore, MD, October 1997.]]

Google Scholar

[11]

Leonid Portnoy, Eleazar Eskin, and Salvatore J. Stolfo. Intrusion detection with unlabeled data using clustering. In Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001), Philadelphia, PA, 2001.]]

Google Scholar

[12]

Alfonso Valdes and Keith Skinner. Adaptive, model-based monitoring for cyber attack detection. In 3rd International Workshop on Recent Advances in Intrusion Detection (RAID 2000), pages 83--90, October 2000.]]

Digital Library

Google Scholar

Cited By

View all

Hosseini MZaheri SRoosta A(2024)Outlier detection and selection of representative fluid samples using machine learning: a case study of Iranian oil fieldsJournal of Petroleum Exploration and Production Technology10.1007/s13202-024-01850-3Online publication date: 1-Aug-2024
https://doi.org/10.1007/s13202-024-01850-3
Koko RYassine IWahed MMadete JRushdi M(2023)Dynamic Construction of Outlier Detector Ensembles With Bisecting K-Means ClusteringIEEE Access10.1109/ACCESS.2023.325200411(24431-24447)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3252004
Fortino GGreco CGuzzo AIanni M(2022)Neural Network based Temporal Point Processes for Attack Detection in Industrial Control Systems2022 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR54599.2022.9850333(221-226)Online publication date: 27-Jul-2022
https://doi.org/10.1109/CSR54599.2022.9850333
Show More Cited By

Index Terms

Bootstrapping a data mining intrusion detection system
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Unsupervised learning
        Cluster analysis

Recommendations

Rule generalisation in intrusion detection systems using SNORT

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this ...
Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

In this article, the authors describe common intrusion detection techniques, NIDS evasion methods, and how NIDSs detect intrusions. Additionally, we introduce new evasion methods, present test results for confirming attack outcomes based on server ...
Fuzziness based semi-supervised learning approach for intrusion detection system

Countering cyber threats, especially attack detection, is a challenging area of research in the field of information assurance. Intruders use polymorphic mechanisms to masquerade the attack payload and evade the detection techniques. Many supervised and ...

Comments

Information & Contributors

Information

Published In

SAC '03: Proceedings of the 2003 ACM symposium on Applied computing

March 2003

1268 pages

ISBN:1581136242

DOI:10.1145/952532

Conference Chair:
Gary B. Lamont
Air Force Institute of Technology
,
Program Chairs:
Hisham Haddad
Kennesaw State University
,
George A. Papadopoulos
University of Cyprus, Cyprus
,
Publications Chair:
Brajendra Panda
University of Arkansas

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 March 2003

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SAC03

Sponsor:

SIGAPP

SAC03: ACM Symposium on Applied Computing

March 9 - 12, 2003

Florida, Melbourne

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

22
Total Citations
View Citations
1,051
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hosseini MZaheri SRoosta A(2024)Outlier detection and selection of representative fluid samples using machine learning: a case study of Iranian oil fieldsJournal of Petroleum Exploration and Production Technology10.1007/s13202-024-01850-3Online publication date: 1-Aug-2024
https://doi.org/10.1007/s13202-024-01850-3
Koko RYassine IWahed MMadete JRushdi M(2023)Dynamic Construction of Outlier Detector Ensembles With Bisecting K-Means ClusteringIEEE Access10.1109/ACCESS.2023.325200411(24431-24447)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3252004
Fortino GGreco CGuzzo AIanni M(2022)Neural Network based Temporal Point Processes for Attack Detection in Industrial Control Systems2022 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR54599.2022.9850333(221-226)Online publication date: 27-Jul-2022
https://doi.org/10.1109/CSR54599.2022.9850333
Fortino GGreco CGuzzo AIanni M(2022)Identification and prediction of attacks to industrial control systems using temporal point processesJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-022-04416-514:5(4771-4783)Online publication date: 23-Sep-2022
https://doi.org/10.1007/s12652-022-04416-5
Guo KHu BMa JRen STao ZZhang J(2021)Toward Anomaly Behavior Detection as an Edge Network Service Using a Dual-Task Interactive Guided Neural NetworkIEEE Internet of Things Journal10.1109/JIOT.2020.30159878:16(12623-12637)Online publication date: 15-Aug-2021
https://doi.org/10.1109/JIOT.2020.3015987
Safaei MAsadi SDriss MBoulila WAlsaeedi AChizari HAbdullah RSafaei M(2020)A Systematic Literature Review on Outlier Detection in Wireless Sensor NetworksSymmetry10.3390/sym1203032812:3(328)Online publication date: 25-Feb-2020
https://doi.org/10.3390/sym12030328
Kamboj RGupta V(2019)Spatial Correlation Based Outlier Detection in Clustered Wireless Sensor NetworkInternational Conference on Intelligent Computing and Smart Communication 201910.1007/978-981-15-0633-8_13(127-135)Online publication date: 20-Dec-2019
https://doi.org/10.1007/978-981-15-0633-8_13
Daykin MSellathurai MPoole I(2018)A Comparison of Unsupervised Abnormality Detection Methods for Interstitial Lung DiseaseMedical Image Understanding and Analysis10.1007/978-3-319-95921-4_27(287-298)Online publication date: 21-Aug-2018
https://doi.org/10.1007/978-3-319-95921-4_27
Aggarwal CSathe SAggarwal CSathe S(2017)Model Combination Methods for Outlier EnsemblesOutlier Ensembles10.1007/978-3-319-54765-7_5(187-205)Online publication date: 7-Apr-2017
https://doi.org/10.1007/978-3-319-54765-7_5
Aggarwal CSathe SAggarwal CSathe S(2017)Bias Reduction in Outlier Ensembles: The Guessing GameOutlier Ensembles10.1007/978-3-319-54765-7_4(163-186)Online publication date: 7-Apr-2017
https://doi.org/10.1007/978-3-319-54765-7_4
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Rule generalisation in intrusion detection systems using SNORT

Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

Fuzziness based semi-supervised learning approach for intrusion detection system