Intrusion Detection using Data Mining Techniques

Y.B. Reddy and R. Guha (USA)

Keywords

Intrusion Detection, data mining, frequent episodes, Snort 2.

Abstract

Intrusion detection has come a long way, becoming a necessary means of monitoring, detecting, and responding to security threats. Currently available firewalls are useful for monitoring traffic and work like a fence. Virus protection software helps to detect and stop known viruses. Similarly, an intrusion detection system helps to detect intruders that attack computer facilities. Currently available intrusion detection systems generate a significantly high number of false alarms, so alternative techniques are needed to minimize them. Collecting these warning alarms and altering the intrusion detection system will help change the installation's defensive posture to increase resistance to attack. Recent research experiments show that data mining approaches lead to new directions by creating models for intrusion detection. In this paper, we create the candidate features using frequent episodes on axis attributes [5-7]. The frequent episodes approach selects the active candidates that contribute most to the vulnerability of the infrastructure within a variable time window. We then present a new algorithm that considers variable time windows and the association of variable windows to eliminate low-frequency or non-contributing data for intrusions and keep the medium- and high-frequency data. The algorithm helps to minimize the size of the database, which is very useful for applying data mining models to intrusion detection.
