Data Mining Approaches for Intrusion Detection

Abstract

In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns of system features that describe program and user behavior, and to use the set of relevant system features to compute (inductively learned) classifiers that can recognize anomalies and known intrusions. Using experiments on the sendmail system call data and the network tcpdump data, we demonstrate that we can construct concise and accurate classifiers to detect anomalies. We provide an overview of two general data mining algorithms that we have implemented: the association rules algorithm and the frequent episodes algorithm. These algorithms can be used to compute the intra- and inter-audit-record patterns, which are essential in describing program or user behavior.

Document Details

Document Type
Technical Report
Publication Date
Oct 12, 2000
Accession Number
ADA401496

Entities

People

  • Salvatore J. Stolfo
  • Wenke Lee

Organizations

  • Columbia University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Anomaly Detection
  • Artificial Intelligence
  • Change Detection
  • Computer Programming
  • Computer Science
  • Computers
  • Cybersecurity
  • Data Mining
  • Detection
  • Detectors
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Machine Learning
  • Network Science
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Distributed Systems and Data Platform Development
  • Neural Network Machine Learning
  • Theoretical Analysis

Technology Areas

  • AI & ML