INTRUSION SCENARIOS DETECTION BASED ON DATA MINING
Traditional intrusion detection systems focus on low-level attacks and generate only isolated alerts. They cannot find logical relations among alerts. In addition, IDS accuracy is low, and many alerts are false alerts. It is therefore difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. To solve this problem, different intrusion scenario detection methods have been proposed. In this paper, a data mining method is used to find attack scenarios. First, redundant alerts are checked and deleted; then attack scenario patterns are mined using an association-rule algorithm, which is an improved Apriori algorithm. These mined scenario patterns are used to find attack scenarios. The 1999 DARPA intrusion detection scenario-specific datasets are used as the experimental data, and the corresponding results are shown. Compared with current scenario detection methods, which depend on human knowledge to define attack scenarios, our method uses data mining to find the scenarios automatically. Our experimental results demonstrate the potential of the proposed method.
Intrusion detection; Scenario; Data mining; Network security
YU-XIN DING, HAI-SEN WANG, QING-WEI LIU
Department of computer science and technology, Harbin Institute of Technology Shenzhen Graduate School, Shenzhen 518055, China
International conference
2008 International Conference on Machine Learning and Cybernetics
Kunming
English
1293-1297
2008-07-12 (date first posted online on the Wanfang platform; does not represent the paper's publication date)