COMBINED DATA MINING APPROACH FOR INTRUSION DETECTION

U. Zurutuza, R. Uribeetxeberria, E. Azketa, G. Gil, J. Lizarraga, M. Fernández

Abstract

This paper presents the results of the MIAU project, a data mining approach to intrusion detection alert correlation. MIAU combines different data mining techniques in order to address some existing problems in the management and analysis of the alerts generated by current intrusion detection systems. Some of these data mining methods and their application in MIAU are introduced in this paper. Experiments have been carried out to demonstrate the validity of the proposed model, and conclusions are drawn from them. Finally, possible improvements to the system and further work are outlined.


Paper Citation


in Harvard Style

Zurutuza U., Uribeetxeberria R., Azketa E., Gil G., Lizarraga J. and Fernández M. (2007). COMBINED DATA MINING APPROACH FOR INTRUSION DETECTION. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 67-73. DOI: 10.5220/0002122800670073


in Bibtex Style

@conference{secrypt07,
author={U. Zurutuza and R. Uribeetxeberria and E. Azketa and G. Gil and J. Lizarraga and M. Fernández},
title={COMBINED DATA MINING APPROACH FOR INTRUSION DETECTION},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={67-73},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002122800670073},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - COMBINED DATA MINING APPROACH FOR INTRUSION DETECTION
SN - 978-989-8111-12-8
AU - Zurutuza U.
AU - Uribeetxeberria R.
AU - Azketa E.
AU - Gil G.
AU - Lizarraga J.
AU - Fernández M.
PY - 2007
SP - 67
EP - 73
DO - 10.5220/0002122800670073