| Publisher | Columbia University Department of Computer Science | ||
|---|---|---|---|
| Format | HTML | Date added | 14 Aug 2003 |
| Topics | Data Mining / Analysis, Anti-Hacking, Anti-Virus | ||
| Downloads | 14 | ||
In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns of system features that describe program and user behavior, and use the set of relevant system features to compute (inductively learned) classifiers that can recognize anomalies and known intrusions. Using experiments on the sendmail system call data and the network tcpdump data, we demonstrate that we can construct concise and accurate classifiers to detect anomalies. We provide an overview on two general data mining algorithms that we have implemented: the association rules algorithm and the frequent episodes algorithm. These algorithms can be used to compute the intra- and inter- audit record patterns, which are essential in describing program or user behavior. The discovered patterns can guide the audit data gathering process and facilitate feature selection. To meet the challenges of both efficient learning (mining) and real-time detection, we propose an agent-based architecture for intrusion detection systems where the learning agents continuously compute and provide the updated (detection) models to the detection agents.
Did you find this white paper useful?
15 out of 22 users found this white paper useful
Related white papers
BP's Carson Unit Refines Contractor Management With WorkTech's Contractor Cost Tracking System (CCTS)
BP is a leading oil, gas, and energy business with operations in 100 countries around the world. The goals of the company were alignment of processes across all business areas,...
TechNet Webcast: ShopTalk - Measuring IT Health with an IT Scorecard
Business intelligence is as important in the IT department as it is in the Finance department. Making good IT business decisions requires aligning with corporate strategy, measurable performance goals and...
Eleven Steps to Success in Data Warehousing
Navigates 11 key steps to implementing a data warehousing solution that wins new customers, develops new products, and reduces costs. With the average cost of a system valued at $1.8...
Data Mining and Customer Relationships by Kurt Thearling
The way in which companies interact with their customers has changed dramatically over the past few years. A customer's continuing business is no longer guaranteed. As a result, companies have...
Where’s My Customer? Spatial Modeling for Promotion Distribution
HYPERparallel, a leading data mining company, offers a set of data mining applications targeted to customer relationship marketing (CRM). This recipe integrates three technologies: HYPERparallel’s //Discovery (pronounced HYPERparallel Discovery) suite...
Deliver Business Intelligence to Microsoft® Excel, Powerpoint®, and Word
Format, sort, and organize data from your business intelligence reports just as they would any other Microsoft table or chart with MicroStrategy Office.
Compaq SANs for Billing
This White Paper discusses the challenges facing Telecommunications and other Service Providers, as they work to differentiate their offerings in today’s complex market. In particular, the promise of innovative billing structures,...
