Composing Miners to Develop an Intrusion Detection Solution

  • Marcello Castellano
  • Giuseppe Mastronardi
  • Luca Pisciotta
  • Gianfranco Tarricone
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5456)


Today, security is of strategic importance for many computer science applications. Unfortunately, an optimal solution does not exist and often system administrators are faced with new security problems when trying to protect computing resources within a reasonable time. Security applications that seem effective at first, could actually be unsuitable. This paper introduces a way of developing flexible computer security solutions which can allow system administrators to intervene rapidly on systems by adapting not only existing solutions but new ones as well. To this end, the study suggests considering the problem of intrusion detection as a Knowledge Discovery process and to describe it in terms of both e-services and miner building blocks. In addition, a definition of an intrusion detection process using Web content analysis generated by users is presented.


Knowledge Discovery Intrusion Detection Mining Engine Data mining Web mining 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kemmerer, R.A., Vigna, G.: Intrusion Detection: A Brief History and Overview. Part supplement IEEE Computer 35(4), 27–30 (2002)Google Scholar
  2. 2.
    Tront, J.G., Marchany, R.C.: Internet security: intrusion detection & prevention. In: 37th IEEE Annual Hawaii International Conference on System Sciences, January 5-8. IEEE Press, New York (2004)Google Scholar
  3. 3.
    Smith, C.L., Robinson, M.: The Understanding of Security Technology and It’s Application. In: IEEE 33rd Annual 1999 International Carnahan Conference on Security Technology, pp. 26–37. IEEE Press, New York (1999)Google Scholar
  4. 4.
    Kemmerer, R., Vigna, G.: Hi-DRA: Intrusion Detection for Internet Security. Proceedings of IEEE 93(10), 1848–1857 (2005)CrossRefGoogle Scholar
  5. 5.
    Anderson, D., Lunt, T.G., Javitz, H., Tamaru, A., Valdes, A.: Detecting Unusual Program Behavior using the StatisticalComponents of the Next-Generation Intrusion Detection ExpertSystem (NIDES). In: Compuler Science Loboratory SRI-CSL-95-06 (May 1995)Google Scholar
  6. 6.
    Cai, Y., Clutter, D., Pape, G., Han, J., Welge, M., Auvil, L.: MAIDS: Mining Alarming Incidents from Data Streams. In: ACM-SIGMOD Int. Conf. Management of Data (SIGMOD 2004), pp. 919–920. ACM Press, New York (2004)CrossRefGoogle Scholar
  7. 7.
    Mahoney, M.: A Machine Learning Approach to Detecting Attacks by Identifying Anomalies in Network Traffic. Florida Institute of Technology, Melbourne (2003)Google Scholar
  8. 8.
    Lee, W., Stolfo, S.J., Mok, K.W.: Mining Audit Data to Build ID Model. In: 4th International Conference on Knowledge Discovery and Data Mining, New York, pp. 66–72 (1998)Google Scholar
  9. 9.
    Seleznyov, A., Mazhelis, O., Puuronen, S.: Learning Temporal Regularities of User Behavior for Anomaly Detection. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 143–152. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Pepyne, D.L., Hu, J., Gong, W.: User Profiling for Computer Security. In: American Conference on Control, Boston, June 30 – July 2, pp. 982–987 (2004)Google Scholar
  11. 11.
    Esposito, M., Mazzariello, C., Oliviero, F., Romano, S.P., Sansone, C.: Real Time Detection of Novel Attacks by Means of Data Mining. In: ACM ICEIS Conference (2005)Google Scholar
  12. 12.
    Liu, Z., Campbell, R.H., Mickunas, M.D.: Security as services in active networks. In: Seventh International Symposium on Computers and Communications, pp. 883–890 (2002) Google Scholar
  13. 13.
    Torrellas, G.A.S., Cruz, D.V.: Security in a PKI-based networking environment: a multi-agent architecture for distributed security management system & control. In: Second IEEE International Conference on Computational Cybernatics, pp. 183–188 (2004)Google Scholar
  14. 14.
    Yau, S.S., Yao, Y., Chen, Z., Zhu, L.: An Adaptable Security Framework for Service-based Systems. In: 10th IEEE International Workshop on Object Oriented Real-Time Dependable Systems, pp. 28–35 (2005)Google Scholar
  15. 15.
    Yao, Z., Kim, D., Lee, I., Kim, K., Jang, J.: A security framework with trust management for sensor networks. In: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, pp. 190–198 (2005)Google Scholar
  16. 16.
    Feiertag, R., Redmond, T., Rho, S.: A Framework for Building Composable Replaceable Security Services. In: DARPA Information Survivability Conference and Exposition. DISCEX 2000, vol. 2, pp. 391–402 (2000)Google Scholar
  17. 17.
    Chatzigiannakis, V., Androulidakis, G., Maglaris, B.: A Distributed Intrusion Detection Prototype Using Security Agents. In: 11th Workshop HP OpenView University Association (HPOVUA), Paris, France (June 2004)Google Scholar
  18. 18.
    Castellano, M., Pastore, N., Arcieri, F., Summo, V., Bellone de Grecis, G.: A Flexible Mining Architecture for Providing New E-Knowledge Services. In: 38th Annual Hawaii International Conference On System Sciences - Track 3. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  19. 19.
    Castellano, M., Pastore, N., Arcieri, F., Summo, V., Bellone de Grecis, G.: Orchestrating the Knowledge Discovery Process. In: E-Service Intelligence: Methodologies, Technologies and Application. Springer, Berlin (2007)Google Scholar
  20. 20.
    Castellano, M., Mastronardi, G., Aprile, A., Minardi, M., Catalano, P., Dicensi, V., Tarricone, G.: A Decision Support System base line Flexible Architecture to Intrusion Detection. Journal of Software 2(6), 30–41 (2007)CrossRefGoogle Scholar
  21. 21.
    Matheus, C.J., Chan, P.K., Piatetsky-Shapiro, G.: System for Knowledge Discovery in Databases. IEEE Transactions on Knowledge and Data Engineering (TKDE), Special Issue on Learning & Discovery in Knowledge-Based Databases 5(6), 903–913 (1993)CrossRefGoogle Scholar
  22. 22.
    Lee, W., Stolfo, S.J.: Combining Knowledge Discovery and Knowledge Engineering to Build IDSs. In: 2nd International Workshop on Recent Advances in Intrusion Detection, West Lafayette, IN (1999)Google Scholar
  23. 23.
    WASET: 4th International Conference on Knowledge Mining. In: Proceedings of World Academy of Science, Engineering and Technology, vol. 26 (2007)Google Scholar
  24. 24.
    Fayyad, U.M., Piatetsky-Shapiro, G., Smith, P., Uthurusamy, R.: Advances in Knowledge Discovery and Data mining. MIT Press, London (1996)Google Scholar
  25. 25.
    Han, J., Kamber, M.: Data Mining: Concepts and Technique. Morgan Kaufmann Publishers, Academic Press, USA (2001)Google Scholar
  26. 26.
    Cooley, R., Mobasher, B., Srivastava, J.: Web Mining: Information and Pattern Discovery on the World Wide Web. In: Ninth IEEE International Conference on Tools with Artificial Intelligence, pp. 558–567. IEEE Press, New York (1997)CrossRefGoogle Scholar
  27. 27.
    Zhang, W., Tang, X.: Web Text Mining on XSSC. In: Gu, J.F., Nakamori, Y., Wang, Z.T., Tang, X.J. (eds.) KSS 2006, pp. 167–175. Global Link Publisher (2006)Google Scholar
  28. 28.
    Felici, G., Vercellis, C.: Special Issue in Mathematical Method for Learning. Advances in Data Mining and Knowledge MML (2004); In: Computational optimization and Applications, vol. 38(2). Springer, Netherlands (2007)Google Scholar
  29. 29.
    Bozdogan, H.: Statistical Data Mining and Knowledge Discovery. Chapman and Hall/CRC, Boca Raton (2004)zbMATHGoogle Scholar
  30. 30.
    CRoss Industry Standard Process for Data Mining,
  31. 31.
    Chapman, P., Clinton, J., Kerber, R., Khabaza, T., Reinartz, T., Shearer, C., Wirth, R.: CRISP-DM 1.0 Step-by-step data mining guide. CRISP-DM Consortium. SPSS Inc. (2000),
  32. 32.
    Wirth, R., Hipp, J.: CRISP-DM: Towards a Standard Process Model for Data Mining. In: 4th International Conference on the Practical Applications of Knowledge Discovery and Data Mining (PADD 2000), Manchester, UK, pp. 29–39 (2000)Google Scholar
  33. 33.
    Lee, W., Stolfo, S.J., Mok, K.W.: Data mining approaches for intrusion detection. In: 7th USENIX Security Symposium, San Antonio, TX (1998)Google Scholar
  34. 34.
    Julisch, K.: Data mining for Intrusion Detection: a Critical Review. In: Barbara, D., Jajodia, S. (eds.) Applications of Data Mining in Computer Security. Kluwer Academic Publisher, Dordrecht (2002)Google Scholar
  35. 35.
    Paxson, V., Floyd, S.: Difficulties in simulating the internet. Transactions on Networking 9, 392–403 (2001)CrossRefGoogle Scholar
  36. 36.
    Hackathom, R.D.: Web Farming for the Data Warehouse. In: Gray, J. (Series ed.) The Morgan Kaufmann Series in Data Management Systems (1998) Google Scholar
  37. 37.
    IBM, BEA Systems, Microsoft, SAP AG, Siebel Systems: Business Process Execution Language for Web Services (BPEL4WS),
  38. 38.
    IBM, BEA Systems, Microsoft, SAP AG, Siebel: SystemsBusiness Process Execution Language for Web Services: Version 1.1,
  39. 39.
    Peltz, C.: Web Service Orchestration: a review of emerging technologies, tools, and standards.Techical report, Hewlett-Packard Company (2003)Google Scholar
  40. 40.
    GATE – General Architetcture for Text Engineering,

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Marcello Castellano
    • 1
  • Giuseppe Mastronardi
    • 1
  • Luca Pisciotta
    • 1
  • Gianfranco Tarricone
    • 1
  1. 1.Dipartimento di Elettrotecnica ed Elettronica Politecnico di Bari Via Orabona 4BariItaly

Personalised recommendations