Skip to main content
SpringerLink
Log in

Data Mining for Intrusion Detection: From Outliers to True Intrusions

  • Conference paper
Advances in Knowledge Discovery and Data Mining (PAKDD 2009)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 5476))

Included in the following conference series:

Abstract

Data mining for intrusion detection can be divided into several sub-topics, among which unsupervised clustering has controversial properties. Unsupervised clustering for intrusion detection aims to i) group behaviors together depending on their similarity and ii) detect groups containing only one (or very few) behaviour. Such isolated behaviours are then considered as deviating from a model of normality and are therefore considered as malicious. Obviously, all atypical behaviours are not attacks or intrusion attempts. Hence, this is the limits of unsupervised clustering for intrusion detection. In this paper, we consider to add a new feature to such isolated behaviours before they can be considered as malicious. This feature is based on their possible repetition from one information system to another.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Barbara, D., Wu, N., Jajodia, S.: Detecting novel network intrusions using bayes estimators. In: 1st SIAM Conference on Data Mining (2001)

    Google Scholar 

  2. Bloedorn, E., Christiansen, A.D., Hill, W., Skorupka, C., Talbot, L.M.: Data mining for network intrusion detection: How to get started. Technical report, MITRE (2001)

    Google Scholar 

  3. Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data. Applications of Data Mining in Computer Security (2002)

    Google Scholar 

  4. Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J.: A comparative study of anomaly detection schemes in network intrusion detection. In: 3rd SIAM DM (2003)

    Google Scholar 

  5. Lee, W., Stolfo, S.J.: Data mining approaches for intrusion detection. In: 7th conference on USENIX Security Symposium (1998)

    Google Scholar 

  6. Marascu, A., Masseglia, F.: A multi-resolution approach for atypical behaviour mining. In: The 13th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD 2009), Bangkok, Thailand (2009)

    Google Scholar 

  7. Patcha, A., Park, J.-M.: An overview of anomaly detection techniques: Existing solutions and latest technological trends. Comput. Networks 51 (2007)

    Google Scholar 

  8. Roesch, M.: SNORT (1998)

    Google Scholar 

  9. Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Recent Advances in Intrusion Detection, pp. 54–68 (2001)

    Google Scholar 

  10. Wu, N., Zhang, J.: Factor analysis based anomaly detection. In: IEEE Workshop on Information Assurance (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. INRIA Sophia Antipolis, 2004 route des lucioles, BP 93, FR-06902, Sophia Antipolis, France

    Goverdhan Singh, Florent Masseglia, Céline Fiot & Alice Marascu

  2. LIRMM UMR CNRS 5506, 161 Rue Ada, 34392, Montpellier Cedex 5, France

    Pascal Poncelet

Authors
  1. Goverdhan Singh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Florent Masseglia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. CĂ©line Fiot
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Alice Marascu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Pascal Poncelet
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Sirindhorn International Institute of Technology, Thammasat University, 131 Moo 5 Tiwanont Road, 12000, Bangkadi, Muang, Pathumthani, Thailand

    Thanaruk Theeramunkong

  2. Dept. of Computer Engineering, Faculty of Engineering, Chulalongkorn University, 10330, Bangkok, Thailand

    Boonserm Kijsirikul

  3. Faculty of Science & Engineering, York University, 355 Lumbers Building, 4700 Keele Street, M3J 1P3, Toronto, Ontario, Canada

    Nick Cercone

  4. School of Knowledge Science, Japan Advanced Institute of Science and Technology, 1-1 Asahidai, Nomi, 923-1292, Ishikawa, Japan

    Tu-Bao Ho

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Singh, G., Masseglia, F., Fiot, C., Marascu, A., Poncelet, P. (2009). Data Mining for Intrusion Detection: From Outliers to True Intrusions. In: Theeramunkong, T., Kijsirikul, B., Cercone, N., Ho, TB. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2009. Lecture Notes in Computer Science(), vol 5476. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01307-2_93

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-01307-2_93

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01306-5

  • Online ISBN: 978-3-642-01307-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation