A Data Mining approach for building cost-sensitive and light intrusion detection models

Abstract

The report provides a summary of the intrusion detection research completed for this effort. The research studied how to build cost-sensitive and lightweight intrusion detection models. The main technical components of the research are: 1) automatic feature construction by analyzing the patterns of normal and intrusion activities computed from large amounts of audit data; 2) using cost-sensitive machine learning algorithms to construct intrusion detection models that achieve optimal performance on the given (often site-specific) cost metrics, clustering attack signatures and normal profiles, and accordingly constructing one light model for each cluster to maximize the utility of each model; 3) dynamic (re-)configuration of the light models to make an IDS effective and efficient, and resilient to IDS-related attacks. Algorithms and prototype systems were developed, and extensive experiments using DARPA datasets and other real-world datasets were conducted. The results showed that the technologies developed in this project are more advanced and better than today's state-of-the-art.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2004
Accession Number
ADA422555

Entities

Organizations

  • North Carolina State University

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Anomaly Detection
  • Application Protocols
  • Change Detection
  • Computers
  • Cybersecurity
  • Data Mining
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Electronic Mail
  • Information Science
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Machine Learning
  • Network Science
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Neural Network Machine Learning

Technology Areas

  • AI & ML
  • AI & ML - Neural Networks