Abstract
Intrusion detection systems such as NIDES depend on the ability to characterize a user's past behavior from their usage patterns. The characterization is typically expressed as statistics over system parameters such as CPU, I/O and network load and file access patterns; NIDES, for example, maintains statistics on approximately 25 such parameters per user. The cost of data collection, statistics computation and intrusion detection is directly proportional to the number of parameters maintained per user, so real-time detection requires keeping that number small without degrading detection capability. In this chapter we propose applying feature reduction and selection techniques commonly used in data mining to lower the computational and storage requirements of intrusion detection methods. Because several of the user behavioral parameters are typically correlated, these techniques can reduce the number of parameters needed to represent a user's behavior.
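As an added illustration of the idea in the abstract (this is not code from the chapter and not NIDES itself), the Python below builds a per-user profile from constructed session measurements, drops parameters whose Pearson correlation with an already-kept parameter is at or above a threshold, and then checks that a simple z-score anomaly test gives the same verdict on the reduced parameter set as on the full one. The parameter names, the 0.9 correlation threshold, the z-limit of 3 and every session value are assumptions chosen for the example; the selection rule is a generic greedy correlation filter, not the chapter's specific procedure.

```python
"""Correlation-based feature selection for per-user anomaly profiles.

Added example for this chapter page; it is not the chapter's own code and not
NIDES. Feature names, thresholds and all session values below are constructed.
"""
from math import inf, sqrt
from statistics import mean, pstdev

# Six per-session usage parameters for one user (constructed). io_ops and
# net_kb were generated to track cpu_sec closely; the other three vary
# independently of it.
FEATURES = ["cpu_sec", "io_ops", "net_kb", "files_read", "files_written", "login_hour"]

TRAIN = [  # one row per past login session of the same user (constructed)
    [10, 31, 105, 4, 1, 9],
    [12, 38, 122, 3, 3, 10],
    [8, 25, 86, 7, 2, 9],
    [15, 45, 150, 5, 1, 10],
    [11, 34, 112, 2, 3, 11],
    [9, 27, 94, 6, 2, 8],
    [14, 43, 141, 4, 1, 9],
    [13, 41, 131, 5, 2, 10],
]


def column(rows, j):
    return [row[j] for row in rows]


def pearson(xs, ys):
    """Pearson correlation; 0.0 when either column is constant (no information)."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sqrt(sxx * syy)


def select_features(rows, names, max_abs_corr=0.9):
    """Greedy correlation filter: walk the parameters in order and keep one only
    if |r| with every parameter already kept is below max_abs_corr.
    Returns (kept_names, dropped) where dropped holds (name, kept_twin, r)."""
    kept, dropped = [], []
    for j, name in enumerate(names):
        xs = column(rows, j)
        clash = None
        for k in kept:
            r = pearson(xs, column(rows, names.index(k)))
            if abs(r) >= max_abs_corr:
                clash = (name, k, round(r, 3))
                break
        if clash:
            dropped.append(clash)
        else:
            kept.append(name)
    return kept, dropped


class Profile:
    """Per-user profile: mean and standard deviation of each selected parameter,
    estimated from that user's past sessions."""

    def __init__(self, rows, names, selected):
        self.names = list(selected)
        self.stats = {}
        for n in self.names:
            col = column(rows, names.index(n))
            self.stats[n] = (mean(col), pstdev(col))

    def zscores(self, session, names):
        """z-score of each profiled parameter for one new session. A constant
        parameter (stdev 0) scores 0 when matched and inf when it deviates."""
        out = {}
        for n in self.names:
            m, s = self.stats[n]
            v = session[names.index(n)]
            if s == 0:
                out[n] = 0.0 if v == m else inf
            else:
                out[n] = (v - m) / s
        return out

    def is_anomalous(self, session, names, z_limit=3.0):
        return any(abs(z) > z_limit for z in self.zscores(session, names).values())


if __name__ == "__main__":
    kept, dropped = select_features(TRAIN, FEATURES)
    print("kept:", kept)
    print("dropped as redundant:", dropped)
    reduced = Profile(TRAIN, FEATURES, kept)
    for label, session in [("normal", [11, 35, 113, 5, 2, 10]),
                           ("suspicious", [60, 180, 600, 40, 25, 3])]:
        print(label, "anomalous on reduced set:", reduced.is_anomalous(session, FEATURES))
```

On this data the filter keeps four of the six parameters (io_ops and net_kb are discarded because each correlates above 0.9 with cpu_sec), and both a typical session and a session with 60 CPU seconds, 40 file reads and a 3 a.m. login are classified identically by the four-parameter and six-parameter profiles. The order in which parameters are visited decides which member of a correlated group survives, so in practice sort them by collection cost or by variance before filtering rather than relying on declaration order as this example does.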
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35508-5_22
Copyright information
© 2000 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Mukkamala, R., Gagnon, J., Jajodia, S. (2000). Integrating Data Mining Techniques with Intrusion Detection Methods. In: Atluri, V., Hale, J. (eds) Research Advances in Database and Information Systems Security. IFIP — The International Federation for Information Processing, vol 43. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35508-5_3
DOI: https://doi.org/10.1007/978-0-387-35508-5_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6411-6
Online ISBN: 978-0-387-35508-5