Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/association-for-computing-machinery/an-adaptive-automatically-tuning-intrusion-detection-system-PSbVbOIJpA
References (35)
-
ACM Transactions on Autonomous and Adaptive Systems -
M. Mukaidono (2001)
Fuzzy Logic For Beginners -
Xiangyang Li, Nong Ye (2001)
Decision Tree Classifiers for Computer Intrusion DetectionScalable Comput. Pract. Exp., 4
-
B. Pfahringer (2000)
Winning the KDD99 classification cup: bagged boostingSIGKDD Explor., 1
-
Mahmood Hossain, S. Bridges (2001)
A FRAMEWORK FOR AN ADAPTIVE INTRUSION DETECTION SYSTEM WITH DATA MINING -
A. Valdes, K. Skinner (2001)
Probabilistic Alert Correlation -
S. Manganaris, M. Christensen, Dan Zerkle, K. Hermiz (2000)
A Data Mining Analysis of RTID AlarmsComput. Networks, 34
-
Wenke Lee, Dong Xiang (2001)
Information-theoretic measures for anomaly detectionProceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001
-
Li-Xin Wang (1996)
A Course In Fuzzy Systems and Control -
P. Dokas, Levent Ertoz, Vipin Kumar, A. Lazarevic, J. Srivastava, P. Tan (2002)
Data Mining for Network Intrusion Detection -
Wenke Lee, S. Stolfo, P. Chan, E. Eskin, Wei Fan, Matthew Miller, Shlomo Hershkop, Junxin Zhang (2001)
Real time data mining-based intrusion detectionProceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01, 1
-
Jianxiong Luo, S. Bridges, Rayford Vaugham (2001)
Fuzzy frequent episodes for real-time intrusion detection10th IEEE International Conference on Fuzzy Systems. (Cat. No.01CH37297), 1
-
E. Eskin, Matthew Miller, ZhiZhong Zhong, George Yi, Wei-Ang Lee, S. Stolfo (2000)
Adaptive Model Generation for Intrusion Detection Systems -
Itzhak Levin (2000)
KDD-99 classifier learning contest LLSoft's results overviewSIGKDD Explor., 1
-
Nong Ye, S. Emran, Qiang Chen, Sean Vilbert (2002)
Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion DetectionIEEE Trans. Computers, 51
-
Zhenwei Yu, J. Tsai (2006)
An efficient intrusion detection system using a boosting-based learning algorithmInt. J. Comput. Appl. Technol., 27
-
Jonatan Gómez, D. Dasgupta (2002)
Evolving Fuzzy Classifiers for Intrusion Detection -
C. Elkan (2000)
Results of the KDD'99 classifier learningSIGKDD Explor., 1
-
J. Ryan, M. Lin, R. Miikkulainen (1997)
Intrusion Detection with Neural Networks -
William Cohen, Y. Singer (1999)
A simple, fast, and effective rule learner -
German Florez, S. Bridges, R. Vaughn (2002)
An improved algorithm for fuzzy data mining for intrusion detection2002 Annual Meeting of the North American Fuzzy Information Processing Society Proceedings. NAFIPS-FLINT 2002 (Cat. No. 02TH8622)
-
(1999)
The UCI KDD archive -
Xuan Hoang, Jiankun Hu, P. Bertók (2004)
Data Mining Methods for Network Intrusion Detection -
Wenke Lee, S. Stolfo (2000)
A framework for constructing features and models for intrusion detection systemsACM Trans. Inf. Syst. Secur., 3
-
Zhenwei Yu, J. Tsai (2004)
A multi-class SLIPPER system for intrusion detectionProceedings of the 28th Annual International Computer Software and Applications Conference, 2004. COMPSAC 2004.
-
Sandeep Kumar, E. Spafford (1994)
A PATTERN MATCHING MODEL FOR MISUSE INTRUSION DETECTION -
Daniel Barbará, Julia Couto, S. Jajodia, L. Popyack, Ningning Wu (2001)
ADAM: Detecting Intrusions by Data Mining -
Maheshkumar Sabhnani, G. Serpen (2003)
Application of Machine Learning Algorithms to KDD Intrusion Detection Dataset within Misuse Detection Context -
A. Honig, Andrew Howard, E. Eskin, S. Stolfo (2002)
Adaptive Model Generation: An Architecture for Deployment of Data Mining-Based Intrusion Detection Systems -
(2003)
SAFE: IDS deployment, tuning, and logging in depth. CISCO SAFE white paper -
A. Honig, Andrew Howard, E. Eskin, S. Stolfo (2002)
Adaptive Model Generation -
R. Agarwal, M. Joshi (2001)
PNrule: A New Framework for Learning Classifier Models in Data Mining (A Case-Study in Network Intrusion Detection) -
Jianxiong Luo, S. Bridges (2000)
Mining fuzzy association rules and fuzzy frequency episodes for intrusion detectionInternational Journal of Intelligent Systems, 15
-
(2008)
Article 10, Publication date -
(2007)
Received August
- Publisher
- Association for Computing Machinery
- Copyright
- Copyright © 2008 by ACM Inc.
- ISSN
- 1556-4665
- DOI
- 10.1145/1380422.1380425
- Publisher site
- See Article on Publisher Site
Abstract
An intrusion detection system (IDS) is a security layer to detect ongoing intrusive activities in computer systems and networks. Current IDS have two main problems: The first problem is that typically so many alarms are generated as to overwhelm the system operator, many of these being false alarms. The second problem is that continuous tuning of the intrusion detection model is required in order to maintain sufficient performance due to the dynamically changing nature of the monitored system. This manual tuning process relies on the system operators to work out the updated tuning solution and to integrate it into the detection model. In this article, we present an automatically tuning intrusion detection system, which controls the number of alarms output to the system operator and tunes the detection model on the fly according to feedback provided by the system operator when false predictions are identified. This system adapts its behavior (i) by throttling the volume of alarms output to the operator in response to the ability of the operator to respond to these alarms, and (ii) by deciding how aggressively the detection model should be tuned based on the accuracy of earlier predictions. We evaluated our system using the KDDCup'99 intrusion detection dataset. Our results show that an adaptive, automatically tuning intrustion detection system will be both practical and efficient.
Journal
ACM Transactions on Autonomous and Adaptive Systems (TAAS) – Association for Computing Machinery
Published: Aug 1, 2008