Mining intrusion detection alarms for actionable knowledge

Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

Volumn , Issue , 2002, Pages 366-375

  Julisch, Klaus ^a   Dacier, Marc ^a  

^a IBM RESEARCH ZURICH   (Switzerland)

Author keywords

Alarm investigation; Conceptual clustering; Data mining; Episode rules; Intrusion detection

Indexed keywords

DATA HANDLING; ENTERPRISE RESOURCE PLANNING; KNOWLEDGE BASED SYSTEMS; RESPONSE TIME (COMPUTER SYSTEMS); SECURITY OF DATA;

CONCEPTUAL CLUSTERING; INTRUSION DETECTION ALARMS;

DATA MINING;

EID: 0242540448     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/775094.775101     Document Type: Conference Paper

References (42)

1. J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel and E. Stoner. State of the Practice of Intrusion Detection Technologies. Technical report, Carnegie Mellon University, January 2000. http://www.cert.org/archive/pdf/99tr028.pdf.
2. R. Bace. Intrusion Detection. Macmillan Technical Publishing, 2000.
3. D. Barbará, J. Couto, S. Jajodia, L. Popyack and N. Wu. ADAM: Detecting Intrusions by Data Mining. In IEEE Workshop on Information Assurance and Security, 2001.
4. D. Barbará and S. Jajodia, editors. Applications of Data Mining in Computer Security. Kluwer Academic Publisher, Boston, 2002.
5. D. Barbará, N. Wu, and S. Jajodia. Detecting Novel Network Intrusions Using Bayes Estimators. In First SIAM Int'l Conf. on Data Mining (SDM'01), 2001.
6. S. M. Bellovin Packets Found on an Internet. Computer Communications Review, 23(3) 26-31, 1993.
7. G. Bisson. Conceptual Clustering in a First Order Logic Representation. In 10th European Conf. on Artificial Intelligence, pages 458-462, 1992.
8. E. Bloedorn, B. Hill, A. Christiansen, C. Skorupka, L. Talboot and J. Tivel. Data Mining for Improving Intrusion Detection, 2000. http://www.mitre.org/support/papers/tech_papers99_00/.
9. J. Broderick - Editor. IBM Outsourced Solution, 1998. http://www.infoworld.com/cgi-bin/displayTC.pl?/980504sb3-ibm.htm.
10. P. Chan and S. Stolfo. Toward Scalable Learning with Non-Uniform Class and Cost Distributions: A Case Study in Credit Card Fraud Detection. In 4th Int'l Conf. on Knowledge Discovery and Data Mining, pages 164-168, 1998.
11. C. Clifton and G. Gengo. Developing Custom Intrusion Detection Filters Using Data Mining. In Military Communications Int'l Symposium (MILCOM2000), October 2000.
12. O. Dain and R. K. Cunningham. Fusing Heterogeneous Alert Streams into Scenarios. In Barbará and Jajodia [4].
13. H. Debar, M. Dacier and A. Wespi. A Revised Taxonomy for Intrusion Detection Systems, Annales des Télécommunications, 55(7-8):361-378, 2000.
14. H. Debar and A. Wespi. Aggregation and Correlation of Intrusion-Detection Alerts. In 4th Workshop on Recent Advances in Intrusion Detection (RAID), LNCS, pages 85-103. Springer Verlag, 2001.
15. T. Fawcett and F. Provost. Adaptive Fraud Detection. Data Mining and Knowledge Discovery, 1:291-316, 1997.
16. D. H. Fisher. Knowledge Acquisition Via Incremental Conceptual Clustering. Machine Learning, 2:139-172, 1987.
17. V. Ganti, J. Gehrke and R. Ramakrishnan CACTUS - Clustering Categorical Data Using Summaries. In 5th ACM SIGKDD Int'l Conf. on Knowledge Discovery in Databases (SIGKDD), 73-83, 1999.
18. M. Garofalakis and R. Rastogi. Data Mining Meets Network Management: The Nemesis Project. In ACM SIGMOD Int'l Workshop on Research Issues in Data Mining and Knowledge Discovery, May 2001.
19. A. Gordon. Classification. Chapman and Hall, 1999.
20. S. Guha, R. Rastogi, and K. Shim. ROCK: A Robust Clustering Algorithm for Categorical Attributes. Information Systems, 25(5):345-366, 2000.
21. J. Han, Y. Cai and N. Cercone. Data-Driven Discovery of Quantitative Rules in Relational Databases. IEEE Transactions on Knowledge and Data Engineering, 5(1):29-40, 1993.
22. J. Han and Y. Fu. Dynamic Generation and Refinement of Concept Hierarchies for Knowledge Discovery in Databases. In Workshop on Knowledge Discovery in Databases, pages 157-168, 1994.
23. J. Han and Y. Fu. Exploration of the Power of Attribute-Oriented Induction in Data Mining. In U. M. Fayyad, G. Piatetsky-Shapiro, P. Smyth, and R. Uthurusamy, editors Advances in Knowledge Discovery and Data Mining. AAAI Press/MIT Press, 1996.
24. P. Hansen, B. Jaumard and N. Mladenovic. How to Choose K Entries Among N. DIMACS Series in Discrete Mathematics and Theoretical Computer Science, 19:105-116, 1995.
25. O. Heinonen and H. Mannila. Attribute-Oriented Induction and Conceptual Clustering. Technical Report Report C-1996-2, University of Helsinki, 1996.
26. J. L. Hellerstein and S. Ma. Mining Event Data for Actionable Patterns. In The Computer Measurement Group, 2000.
27. K. Ilgun, R. A. Kemmerer and P. A. Porras. State Transition Analysis: A Rule-Based Intrusion Detection System. IEEE Transactions on Software Engineering, 21(3):181-199, 1995.
28. A. Jain, M. Murty, and P. Flynn. Data Clustering: A Review. ACM Computing Surveys, 31(3):264-323
29. H. S. Javitz and A. Valdes. The SRI IDES Statistical Anomaly Detector. In IEEE Symposium on Security and Privacy, Oakland, CA. SRI International, May 1991.
30. K. Julisch. Mining Alarm Clusters to Improve Alarm Handling Efficiency. In 17th Annual Computer Security Applications Conference (ACSAC), pages 12-21, December 2001.
31. M. Klemettinen. A Knowledge Discovery Methodology for Telecommunication Network Alarm Data. PhD thesis, University of Helsinky (Finland), 1999.
32. W. Lee and S.J. Stolfo. A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security, 3(4):227-261, 2000.
33. S. Manganaris, M. Christensen, D. Zerkle and K. Hermiz. A Data Mining Analysis of RTID Alarms. Computer Networks, 34(4), October 2000.
34. H. Mannila and H. Toivonen. Discovering Generalized Episodes Using Minimal Occurences. In 2nd Int'l Conf. on Knowledge Discovery and Data Mining, 146-151, 1996.
35. H. Mannila, H. Toivonen and A. I. Verkamo. Discovery of Frequent Episodes in Event Sequences. Data Mining and Knowledge Discovery, 1:259-289, 1997.
36. J. McHugh The 1998 Lincoln Laboratory IDS Evaluation - A Critique. In 3th Workshop on Recent Advances in Intrusion Detection (RAID), LNCS, pages 145-161. Springer Verlag, 2000.
37. R. S. Michalski and R. E. Stepp. Automated Construction of Classifications: Conceptual Clustering Versus Numerical Taxonomy. IEEE Transactions on Pattern Analysis and Machine Intelligence, 5(4):396-410, 1983.
38. V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks, 31(23-24):2435-2463 1999.
39. L. Pitt and R. E. Reinke. Criteria for Polynomial Time (Conceptual) Clustering. Machine Learning, 2(4):371-396, 1987.
40. S. Staniford, J. A. Hoagland and J. M. McAlerney. Practical Automated Detection of Stealthy Portscans. In ACM Computer and Communications Security IDS Workshop, pages 1-7, 2000.
41. L. Talavera and J. Béjar. Generality-Based Conceptual Clustering with Probabilistic Concepts. IEEE Transactions on Pattern Analysis and Machine Intelligence, 23(2):196-206, 2001.
42. A. Valdes and K. Skinner. Probabilistic Alert Correlation. In 4th Workshop on Recent Advances in Intrusion Detection (RAID), LNCS, pages 54-68, Springer Verlag, 2001.