Real Time Data Mining-Based Intrusion Detection
Abstract
In this paper, we present an overview of our research in real time data mining-based intrusion detection systems (IDSs). We focus on issues related to deploying a data mining-based IDS in a real time environment. We describe our approaches to address three types of issues: accuracy, efficiency, and usability. To improve accuracy, data mining programs are used to analyze audit data and extract features that can distinguish normal activities from intrusions; we use artificial anomalies along with normal and/or intrusion data to produce more effective misuse and anomaly detection models. To improve efficiency, the computational costs of features are analyzed and a multiple-model costbased approach is used to produce detection models with low cost and high accuracy. We also present a distributed architecture for evaluating cost-sensitive models in realtime. To improve usability, adaptive learning algorithms are used to facilitate model construction and incremental updates; unsupervised anomaly detection algorithms are used to reduce the reliance on labeled data. We also present an architecture consisting of sensors, detectors, a data warehouse, and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. This architecture also improves the efficiency and scalability of the IDS.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2001
- Accession Number
- ADA512806
Entities
People
- Eleazar Eskin
- Junxin Zhang
- Matthew P Miller
- Philip K. Chan
- Salvatore J. Stolfo
- Shlomo Hershkop
- Wei Fan
- Wenke Lee
Organizations
- North Carolina State University