THE USE OF DATA MINING IN THE IMPLEMENTATION OF A NETWORK INTRUSION DETECTION SYSTEM

John Sheppard, Joe Carthy, John Dunnion

Abstract

This paper focuses on the domain of Network Intrusion Detection Systems, an area where the goal is to detect security violations by passively monitoring network traffic and raising an alarm when an attack occurs. But the problem is that new attacks are being deployed all the time. This particular system has been developed using a range of data mining techniques so as to automatically be able to classify network tracffic as normal or intrusive. Here we evaluate decision trees and their performance based on a large data set used in the 1999 KDD cup contest.

References

  1. Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., and E., S. (2000). State of the practice of intrusion technologies. www.cert.org.
  2. Bass, T. (2000). Intrusion detection systems and multisensor data fusion. Communications of the ACM 43(4) 99-105).
  3. Carbone, P. (1997). Data mining or knowledge discovery in databases, an overview. Auerbach Publications.
  4. Dunham, M. (2003). Data Mining, Introductory & Advanced Topics. Prentice Hall.
  5. Fayyad, U. M., Piatetsky-Shapiro, and Symth, P. (1996). The kdd process for extracting useful knowledge from volumes of data. Communications of the ACM 39 (11) 27-34.
  6. Heady, R., Luger, G., Maccabe, A., and Servilla, M. (1990). The architecture of a network level intrusion detection system. Technical report, Computer Science Department, University of New Mexico.
  7. Kendall, K. (1999). A database of computer attacks for the evaluation of intrusion detection systems. In ICEIS'99, 1st International Conference on Enterprise Information Systems. MIT.
  8. Manilla, H. (2002). Local and global methods in data mining. ICALP 2002, The 29th International Colloquim on Automata, Languages, and Programming, Malaga, Spain.
Download


Paper Citation


in Harvard Style

Sheppard J., Carthy J. and Dunnion J. (2005). THE USE OF DATA MINING IN THE IMPLEMENTATION OF A NETWORK INTRUSION DETECTION SYSTEM . In Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 972-8865-20-1, pages 399-404. DOI: 10.5220/0001231403990404


in Bibtex Style

@conference{webist05,
author={John Sheppard and Joe Carthy and John Dunnion},
title={THE USE OF DATA MINING IN THE IMPLEMENTATION OF A NETWORK INTRUSION DETECTION SYSTEM},
booktitle={Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2005},
pages={399-404},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001231403990404},
isbn={972-8865-20-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - THE USE OF DATA MINING IN THE IMPLEMENTATION OF A NETWORK INTRUSION DETECTION SYSTEM
SN - 972-8865-20-1
AU - Sheppard J.
AU - Carthy J.
AU - Dunnion J.
PY - 2005
SP - 399
EP - 404
DO - 10.5220/0001231403990404