Data Mining Approaches for Intrusion Detection

Authors: 

Wenke Lee and Salvatore J. Stolfo, Columbia University

Abstract: 

In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns of system features that describe program and user behavior, and to use the set of relevant system features to compute (inductively learned) classifiers that can recognize anomalies and known intrusions. Using experiments on the sendmail system call data and the network tcpdump data, we demonstrate that we can construct concise and accurate classifiers to detect anomalies. We provide an overview of two general data mining algorithms that we have implemented: the association rules algorithm and the frequent episodes algorithm. These algorithms can be used to compute the intra- and inter-audit-record patterns, which are essential in describing program or user behavior. The discovered patterns can guide the audit data gathering process and facilitate feature selection. To meet the challenges of both efficient learning (mining) and real-time detection, we propose an agent-based architecture for intrusion detection systems where the learning agents continuously compute and provide the updated (detection) models to the detection agents.
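The abstract names two pattern-mining steps: association rules over the features of one audit record (intra-record patterns) and frequent episodes over the ordering of records (inter-record patterns), with the mined patterns then used to flag deviations. The following is an added example, not the authors' code or data: it runs a small Apriori-style association-rule miner and a simplified length-two serial-episode counter over constructed connection records, then reports which "normal" rules a new record breaks. The record schema (service, flag, src_bytes), the service sequence, and the function names are assumptions made for the example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample audit records (not the paper's sendmail or tcpdump data):
# one record per network connection, already summarised into discrete features.
RECORDS = [
    {"service": "http", "flag": "SF", "src_bytes": "low"},
    {"service": "http", "flag": "SF", "src_bytes": "low"},
    {"service": "http", "flag": "SF", "src_bytes": "high"},
    {"service": "smtp", "flag": "SF", "src_bytes": "low"},
    {"service": "smtp", "flag": "SF", "src_bytes": "low"},
    {"service": "ftp",  "flag": "SF", "src_bytes": "high"},
    {"service": "http", "flag": "SF", "src_bytes": "low"},
    {"service": "http", "flag": "S0", "src_bytes": "low"},
]

# Constructed sequence of services seen over time, for inter-record (episode) mining.
SERVICE_SEQUENCE = ["http", "http", "smtp", "http", "ftp", "http", "smtp", "http"]


def frequent_itemsets(records, min_support):
    """Apriori-style level-wise search over (attribute, value) items.
    Returns {frozenset of (attr, value): support fraction}."""
    n = len(records)
    baskets = [frozenset(r.items()) for r in records]
    counts = defaultdict(int)
    for basket in baskets:
        for item in basket:
            counts[frozenset([item])] += 1
    level = {s: c / n for s, c in counts.items() if c / n >= min_support}
    found = dict(level)
    size = 2
    while level:
        # Join frequent (size-1)-itemsets; only supersets of frequent sets can be frequent.
        candidates = {a | b for a, b in combinations(level, 2) if len(a | b) == size}
        counts = defaultdict(int)
        for cand in candidates:
            for basket in baskets:
                if cand <= basket:
                    counts[cand] += 1
        level = {s: c / n for s, c in counts.items() if c / n >= min_support}
        found.update(level)
        size += 1
    return found


def association_rules(itemsets, min_confidence):
    """Split each frequent itemset into lhs -> rhs and keep rules with enough confidence.
    Returns a list of (lhs, rhs, support, confidence)."""
    rules = []
    for itemset, support in itemsets.items():
        if len(itemset) < 2:
            continue
        for k in range(1, len(itemset)):
            for lhs in combinations(sorted(itemset), k):
                lhs = frozenset(lhs)
                confidence = support / itemsets[lhs]  # every subset of a frequent set is frequent
                if confidence >= min_confidence:
                    rules.append((lhs, itemset - lhs, support, confidence))
    return rules


def frequent_episodes(events, window, min_support):
    """Serial episodes of length two: (a, b) occurs at position i when events[i] == a
    and b appears within the next window-1 events. Support = occurrences / len(events).
    This is a simplified episode counter, not the paper's implementation."""
    n = len(events)
    counts = defaultdict(int)
    for i, a in enumerate(events):
        for b in set(events[i + 1:i + window]):
            counts[(a, b)] += 1
    return {ep: c / n for ep, c in counts.items() if c / n >= min_support}


def rule_violations(rules, record):
    """Rules whose lhs holds for the record but whose rhs does not.
    When the rules were mined from normal traffic, each violation is an anomaly signal."""
    items = frozenset(record.items())
    return [r for r in rules if r[0] <= items and not r[1] <= items]


if __name__ == "__main__":
    sets = frequent_itemsets(RECORDS, min_support=0.375)
    rules = association_rules(sets, min_confidence=0.7)
    for lhs, rhs, sup, conf in rules:
        print(sorted(lhs), "->", sorted(rhs), f"support={sup:.3f} confidence={conf:.3f}")
    print(frequent_episodes(SERVICE_SEQUENCE, window=3, min_support=0.3))
    suspect = {"service": "http", "flag": "S0", "src_bytes": "low"}
    print(len(rule_violations(rules, suspect)), "rules violated by", suspect)
```

With the constructed data, the miner learns rules such as service=http implying flag=SF, and the half-open record (flag=S0) violates three of them; in practice the support and confidence thresholds, and the feature set itself, are what the paper proposes to choose from the mined patterns rather than by hand.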


BibTeX
@inproceedings {261394,
author = {Wenke Lee and Salvatore J. Stolfo},
title = {Data Mining Approaches for Intrusion Detection},
booktitle = {7th {USENIX} Security Symposium ({USENIX} Security 98)},
year = {1998},
address = {San Antonio, TX},
url = {https://www.usenix.org/conference/7th-usenix-security-symposium/data-mining-approaches-intrusion-detection},
publisher = {{USENIX} Association},
month = jan,
}
Download

Links

Paper (HTML): 
http://usenix.org/publications/library/proceedings/sec98/full_papers/lee/lee_htm...
Paper: 
http://usenix.org/publications/library/proceedings/sec98/full_papers/lee/lee.pdf