Abstract
Data mining for intrusion detection can be divided into several sub-topics, among which unsupervised clustering has controversial properties. Unsupervised clustering for intrusion detection aims to i) group behaviours together according to their similarity and ii) detect groups containing only one (or very few) behaviour. Such isolated behaviours are then considered as deviating from a model of normality and are therefore treated as malicious. Obviously, not all atypical behaviours are attacks or intrusion attempts; this is the limit of unsupervised clustering for intrusion detection. In this paper, we propose adding a new feature to such isolated behaviours before they are considered as malicious. This feature is based on their possible repetition from one information system to another.
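The two-stage idea in the abstract, as an added illustration that is not the paper's own code or method: sessions on each information system are clustered by similarity, members of singleton clusters are the stage-one outliers, and an outlier is only promoted to an intrusion candidate when a similar outlier also shows up on other systems. The Jaccard similarity over requested resources, the greedy threshold clustering, the thresholds (0.5, two systems) and the session data are all constructed assumptions for the example; the paper's abstract does not specify its similarity measure or clustering algorithm.

```python
"""Added example: isolated behaviours filtered by cross-system repetition.
Sessions are modelled as sets of requested resources (an assumption)."""

# Constructed sample data: three information systems, each with a handful of
# sessions. One rare pattern (login followed by /admin/* probing) recurs on all
# three; other rare sessions (a7, b5) are atypical on one system only.
SYSTEMS = {
    "sys-A": {
        "a1": {"/index", "/products", "/cart"},
        "a2": {"/index", "/products", "/cart", "/checkout"},
        "a3": {"/index", "/products"},
        "a4": {"/index", "/login", "/admin/config", "/admin/dump"},
        "a5": {"/index", "/about"},
        "a6": {"/index", "/products", "/checkout"},
        "a7": {"/press", "/careers", "/investors"},
        "a8": {"/index", "/about", "/contact"},
    },
    "sys-B": {
        "b1": {"/index", "/products", "/cart"},
        "b2": {"/index", "/products", "/cart", "/checkout"},
        "b3": {"/index", "/login", "/admin/config", "/admin/dump"},
        "b4": {"/index", "/products"},
        "b5": {"/index", "/support", "/faq", "/ticket"},
    },
    "sys-C": {
        "c1": {"/home", "/catalog", "/basket"},
        "c2": {"/home", "/catalog", "/basket", "/pay"},
        "c3": {"/home", "/login", "/admin/config", "/admin/dump"},
        "c4": {"/home", "/catalog"},
        "c5": {"/home", "/catalog", "/pay"},
    },
}


def jaccard(a, b):
    """Similarity of two resource sets: |a & b| / |a | b| (assumed measure)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster_sessions(sessions, min_sim=0.5):
    """Greedy threshold clustering (an assumption, not the paper's algorithm):
    a session joins the first cluster whose representative (its first member)
    is at least min_sim similar, otherwise it starts a new cluster."""
    clusters = []  # list of (representative_set, [session ids])
    for sid in sorted(sessions):
        s = sessions[sid]
        for rep, members in clusters:
            if jaccard(s, rep) >= min_sim:
                members.append(sid)
                break
        else:
            clusters.append((s, [sid]))
    return [members for _, members in clusters]


def isolated_behaviours(sessions, min_sim=0.5, max_size=1):
    """Stage one: outliers are the members of clusters with <= max_size members."""
    return [sid for members in cluster_sessions(sessions, min_sim)
            for sid in members if len(members) <= max_size]


def repeated_outliers(systems, min_sim=0.5, max_size=1, min_systems=2):
    """Stage two: keep only outliers whose pattern recurs (similarity >= min_sim
    to another system's outlier) on at least min_systems distinct systems.
    Returns {(system, session): sorted list of systems where it recurs}."""
    outliers = [(name, sid, systems[name][sid])
                for name in sorted(systems)
                for sid in isolated_behaviours(systems[name], min_sim, max_size)]
    result = {}
    for name, sid, s in outliers:
        seen = {other for other, _, t in outliers if jaccard(s, t) >= min_sim}
        if len(seen) >= min_systems:
            result[(name, sid)] = sorted(seen)
    return result


if __name__ == "__main__":
    for name in sorted(SYSTEMS):
        print(name, "isolated:", isolated_behaviours(SYSTEMS[name]))
    for (name, sid), where in repeated_outliers(SYSTEMS).items():
        print(f"{name}/{sid} repeats on {where} -> intrusion candidate")
```

Running it reports a4, a7, b3, b5 and c3 as isolated on their own systems, but only a4, b3 and c3 as intrusion candidates, because their pattern recurs on all three systems; a7 and b5 stay atypical-but-unrepeated, which is exactly the distinction the abstract draws.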
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Singh, G., Masseglia, F., Fiot, C., Marascu, A., Poncelet, P. (2009). Data Mining for Intrusion Detection: From Outliers to True Intrusions. In: Theeramunkong, T., Kijsirikul, B., Cercone, N., Ho, TB. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2009. Lecture Notes in Computer Science(), vol 5476. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01307-2_93
DOI: https://doi.org/10.1007/978-3-642-01307-2_93
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01306-5
Online ISBN: 978-3-642-01307-2