Data Mining for Intrusion Detection: From Outliers to True Intrusions

  • Goverdhan Singh
  • Florent Masseglia
  • Céline Fiot
  • Alice Marascu
  • Pascal Poncelet
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5476)

Abstract

Data mining for intrusion detection can be divided into several sub-topics, among which unsupervised clustering has controversial properties. Unsupervised clustering for intrusion detection aims to i) group behaviours together according to their similarity and ii) detect groups containing only one (or very few) behaviours. Such isolated behaviours are considered to deviate from a model of normality and are therefore treated as malicious. Obviously, not all atypical behaviours are attacks or intrusion attempts; this is the limit of unsupervised clustering for intrusion detection. In this paper, we propose adding a new criterion that isolated behaviours must meet before they are considered malicious: their repetition from one information system to another.
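The two-stage idea stated in the abstract, as an added illustration that is not the paper's code: behaviours observed on each information system are clustered, behaviours that end up in singleton clusters are treated as outliers, and only those outliers that recur on several distinct systems are reported as intrusions. The abstract does not specify the feature set, the clustering algorithm or any thresholds, so the per-session feature vectors (requests per minute, distinct paths, 4xx count), the single-linkage clustering with a Euclidean threshold `eps`, the `min_systems` parameter and all sample sessions below are constructed assumptions for the example.

```python
"""Added example: outliers per system, then cross-system repetition as the
extra criterion before an isolated behaviour is called an intrusion.
Not the paper's implementation; features, thresholds and data are assumed."""
from dataclasses import dataclass
from itertools import combinations
from math import dist


@dataclass(frozen=True)
class Behaviour:
    system: str      # information system the behaviour was observed on
    session: str     # session / connection identifier (constructed)
    features: tuple  # assumed summary: (req/min, distinct paths, 4xx count)


def single_linkage_clusters(items, eps):
    """Group items whose feature vectors lie within `eps` of each other,
    transitively (single linkage via union-find). Chosen for determinism
    and readability, not for speed; any clustering method would do here."""
    parent = list(range(len(items)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(items)), 2):
        if dist(items[i].features, items[j].features) <= eps:
            parent[find(i)] = find(j)
    clusters = {}
    for i, item in enumerate(items):
        clusters.setdefault(find(i), []).append(item)
    return list(clusters.values())


def isolated_behaviours(items, eps, max_size=1):
    """Stage 1 (classic unsupervised clustering): behaviours sitting in a
    cluster of at most `max_size` members are atypical for this system."""
    return [b for c in single_linkage_clusters(items, eps)
            if len(c) <= max_size for b in c]


def confirmed_intrusions(systems, eps, min_systems=2):
    """Stage 2 (the abstract's added criterion): an isolated behaviour is
    kept only if similar isolated behaviours occur on at least
    `min_systems` distinct information systems. Returns (all per-system
    outliers, groups of outliers that pass the repetition test)."""
    outliers = []
    for sessions in systems.values():
        outliers.extend(isolated_behaviours(sessions, eps))
    confirmed = [group for group in single_linkage_clusters(outliers, eps)
                 if len({b.system for b in group}) >= min_systems]
    return outliers, confirmed


def _sessions(system, vectors):
    return [Behaviour(system, f"{system[-1]}{n}", v)
            for n, v in enumerate(vectors, start=1)]


# Constructed sample: five ordinary sessions per system, one local oddity on
# www-a (bulk download) and www-b (crawler-like), and one scanner-like
# session that recurs, slightly varied, on all three systems.
SAMPLE = {
    "www-a": _sessions("www-a", [(20, 5, 1), (22, 6, 0), (19, 5, 1), (21, 4, 2),
                                 (23, 5, 1), (60, 2, 0), (180, 90, 70)]),
    "www-b": _sessions("www-b", [(18, 5, 1), (21, 6, 0), (20, 4, 1), (22, 5, 2),
                                 (19, 6, 1), (8, 40, 3), (176, 88, 66)]),
    "www-c": _sessions("www-c", [(20, 4, 1), (21, 5, 0), (22, 5, 1), (19, 6, 2),
                                 (20, 5, 1), (183, 92, 71)]),
}


if __name__ == "__main__":
    outliers, confirmed = confirmed_intrusions(SAMPLE, eps=10.0)
    print("isolated per system:", sorted(b.session for b in outliers))
    for group in confirmed:
        print("repeated across systems:",
              sorted((b.system, b.session, b.features) for b in group))
```

With `eps=10.0` the two local oddities are flagged by stage 1 but rejected by stage 2 because each appears on a single system, while the three scanner-like sessions survive as one confirmed group; raising `min_systems` above three empties the confirmed list, which is the knob a practitioner would tune against false positives.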

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Goverdhan Singh (1)
  • Florent Masseglia (1)
  • Céline Fiot (1)
  • Alice Marascu (1)
  • Pascal Poncelet (2)
  1. INRIA Sophia Antipolis, 2004 route des Lucioles, Sophia Antipolis, France
  2. LIRMM UMR CNRS 5506, Montpellier Cedex 5, France