A framework for the application of association rule mining in large intrusion detection infrastructures

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4219 LNCS, Issue , 2006, Pages 1-18

  Treinen, James J ^a   Thurimella, Ramakrishna ^b  

^a IBM   (United States)

^b UNIVERSITY OF DENVER   (United States)

Author keywords

Association rules; Data mining; Graph algorithms; Intrusion detection

Indexed keywords

ALGORITHMS; COMPUTER CRIME; DATA MINING; GRAPH THEORY; PROBLEM SOLVING;

ASSOCIATION RULES; ATTACK PROFILE; GRAPH ALGORITHMS; INTRUSION DETECTION;

SECURITY OF DATA;

EID: 33750327345     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11856214_1     Document Type: Conference Paper

References (37)

1. Agrawal, R., Imielinski, T., Swami, A.: Mining Association Rules Between Sets of Items in Large Databases. Proceedings of the ACM SIGMOD Conference on Management of Data (1993) 207-216
2. Ali, K., Manganaris, S., Srikant, R.: Partial Classification Using Association Rules. Proceedings of the Third International Conference on Knowledge Discovery and Data Mining (1997) 115-118
3. Apap, F., Honig, A., Hershkop, S., Eskin, E., Stolfo, S.: Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses. Proceedings of Recent Advances in Intrusion Detection, 5th International Symposium (2002) 36-53
4. Arcsight Corporation.: Arcsight ESM Product Brief, http://www.arcsight. com/collateral/ArcSight_ESM_brochure.pdf (2005)
5. Arcsight Corporation.: Arcsight Pattern Discovery Product Brief. http://www.arcsight.com/collateral/ArcSight_Pattern_Discovery.pdf (2005)
6. Barbara, D., Couto, J., Jajodia, S., Wu, N.: ADAM: A Testbed for Exploring the Use of Data Mining in Intrusion Detection. SIGMOD Record Volume 30 Number 4 (2001) 15-24
7. Cisco Systems. Network Security Database, http://www.cisco.com/cgi-bin/ front.x/csec/idsAllList.pl (2005)
8. Debar, H., Wespi, A.: Aggregation and Correlation of Intrusion-Detection Alerts. Proceedings of Recent Advances in Intrusion. Detection, 4th International Symposium (2001) 85-103
9. Fayyad, U. Piatetsky-Shapiro, G. Smyth, P.: The KDD Process for Extracting Useful Knowledge From Volumes of Data . Communications of the ACM (1996) 27-34
10. Guan, Y., Ghorbani, A., Belacel, N,: Y-Means : A Clustering Method for Intrusion Detection. Proceedings of Canadian Conference on Electrical and Computer Engineering (2003)
11. Han, J., Gai, Y., Cereone, N.: Knowledge Discovery in Databases: An Attribute-Oriented Approach. Proceedings of the 18th International Conference on Very Large Data Bases (1992) 547-559
12. Han, J., Cai, Y., Cereone, N.: Data-Driven Discovery of Quantitative Rules in Relational Databases. IEEE Transactions on Knowledge and Data Engineering, Volume 5 (1993) 29-40
13. Honig, A., Howard, A., Eskin, E., Stolfo, S.: Adaptive Model Generation : An Architecture for the Deployment of Data Mining-based Intrusion Detection Systems. Applications of Data Mining in Computer Security, Barbara, D., Sushil, J., eds. Boston : Kluwer Academic Publishers (2002) 153-194
14. Hosel, V., Walcher, S.: Clustering Techniques : A Brief Survey, http://ibb.gsf.de/reports/2001/walcher.ps (2000)
15. IBM Corporation : DB2 Intelligent Miner for Modeling. New York (2005)
16. IBM Corporation : IBM DB2 Intelligent Miner Modeling Administration and Programming Guide v8.2. Second Edition. New York (2004)
17. Julisch, K.: Mining Alarm Clusters to Improve Alarm Handling Efficiency. Proceedings of the 17th Annual Computer Security Applications Conference (2001) 12-21
18. Julisch, K.: Data Mining for Intrusion Detection A Critical Review. Applications of Data Mining in Computer Security, Barbara, D., Sushil, J., eds. Boston : Kluwer Academic Publishers (2002) 33-62
19. Julisch, K., Dacier, M.: Mining Intrusion Detection Alarms for Actionable Knowledge. Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2002) 366-375
20. Julisch, K. Clustering Intrusion Detection Alarms to Support Root Cause Analysis. ACM Transactions on Information and System Security, Volume 6, Number 4 (2003) 443-471
21. Julisch, K. Using Root Cause Analysis to Handle Intrusion Detection Alarms. PhD Thesis. Universität Dortmund (2003)
22. Lee, W., Stolfo, S.: Data Mining Approaches for Intrusion Detection. Proceedings of the 7th USENIX Security Symposium (1998) 79-94
23. Lee, W., Stolfo, W., Mok, K.: Mining Audit Data to Build Intrusion Detection Models. Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining (1998) 66-72
24. Lee, W. Stolfo, S. Kui, M.: A Data Mining Framework for Building Intrusion Detection Models. IEEE Symposium on Security and Privacy (1999) 120-132
25. Lee, W., Stolfo, S., Chan, P., Eskin, E., Fan, W., Miller, M., Hershkop, S., Zhang, J.: Real Time Data Mining-based Intrusion Detection. Proceedings of the 2nd DARPA Information Survivability Conference and Exposition (2001)
26. Lippmann, R., Haines, J., Fried, D., Korba, J., Das, K.: The 1999 DARPA Off-Line Intrusion Detection Evaluation. Computer Networks, Volume 34 (2000) 579-595
27. Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A Data Mining Analysis of RTID Alarms. Proceedings of Recent Advances in Intrusion Detection, Second International Workshop (1999)
28. Mchugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. ACM Transactions on Information and System Security, Volume 3, Number 4 (2000) 262-294
29. McLure, S., Scambray, J., Kurtz, G.: Hacking Exposed Fifth Edition: Network Security Secrets & Solutions : McGraw-Hill/Osborne (2005)
30. Nauta, K., Lieble, F.: Offline Network Intrusion Detection: Mining TCPDUMP Data to Identify Suspicious Activity. Proceedings of the AFCEA Federal Database Colloquium (1999)
31. Ning, P., Cui, Y., Reeves, D., Xu, D.; Techniques and Tools for Analyzing Intrusion Alerts. ACM Transaction on Information and System Security. Volume 7, No. 2 (2004) 274-318
32. Noel, S., Wijesekera, D., Youman, C.: Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt. Applications of Data Mining in Computer Security, Barbara, D., Sushil, J., eds. Boston : Kluwer Academic Publishers (2002) 1-31
33. Portnoy, L., Eskin, E., Stolfo, S.: Intrusion Detection with Unlabeled Data Using Clustering. Proceedings of ACM CSS Workshop on Data Mining Applied to Security (2001)
34. Schultz, M., Eskin, E., Zadok, E., Stolfo, S,: Data Mining Methods for Detection of New Malicious Executables, Proceedings of IEEE Symposium on Security and Privacy (2001)
35. Stolfo, S., Lee, W., Chan, P., Fan, W., Eskin, E.: Data Mining-based Intrusion Detectors: An Overview of the Columbia IDS Project. SIGMOD Record, Vol. 30, No. 4 (2001) 5-14
36. Valdes, A., Skinner, K.: Probabilistic Alert Correlation. Proceedings of Recent Advances in Intrusion Detection, Third International Workshop (2001) 54-68
37. Yang, D., Hu, C., Chen, Y.: A Framework of Cooperating Intrusion Detection Based on Clustering Analysis and Expert System. Proceedings of the 3rd international conference on Information Security (2004)