The Center for Education and Research in Information Assurance and Security (CERIAS)

Developing custom intrusion detection filters using data mining

Author

Christopher Clifton

Tech report number

CERIAS TR 2001-92

Entry type

conference

Abstract

One aspect of constructing secure networks is identifying unauthorized use of those networks. Intrusion detection systems look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. However, normal operation often produces traffic that matches likely “attack signatures”, resulting in false alarms. We are using data mining techniques to identify sequences of alarms that likely result from normal behavior, enabling construction of filters to eliminate those alarms. This can be done at a low cost for specific environments, enabling the construction of customized intrusion detection filters. We present our approach, and preliminary results identifying common sequences in alarms from a particular environment.

Date

2000 – 10

Key alpha

Clifton

Note

2000 Military Communications International Symposium (MILCOM 2000), October 22-25, 2000, Los Angeles, California

Publication Date

2001-10-01
