A data mining analysis of RTID alarms
作者: Stefanos Manganaris , Marvin Christensen , Dan Zerkle , Keith Hermiz
DOI: 10.1016/S1389-1286(00)00138-9
关键词: Data mining 、 The Internet 、 Context (language use) 、 Computer security 、 Service (systems architecture) 、 Variety (cybernetics) 、 Filter (software) 、 Computer science 、 Intrusion detection system
摘要: Abstract IBM's emergency response service provides real-time intrusion detection (RTID) services through the Internet for a variety of clients. As number clients increases, volume alerts generated by RTID sensors becomes intractable. This problem is aggravated fact that some may generate hundreds or even thousands innocent per day. With an eye towards managing these more effectively, data mining group analyzed database reports. The first objective was approach characterizing “normal” stream from sensor. Using such models tuned to individual sensors, we then developed methodology detecting anomalies. In contrast many popular approaches, decision filter alarm out not takes into consideration context in which it occurred and historical behavior sensor came from. Our second identify all different profiles our Based on their history alerts, discovered several types clients, with alert behaviors thus monitoring needs. We present issues encountered, solutions, findings, discuss how results be used large-scale operations.
raid-symposium.org
acm.org
elsevier.com参考文章(12)
Heikki Mannila, A. Inkeri Verkamo, Hannu Toivonen, Discovering Frequent Episodes in Sequences. knowledge discovery and data mining. pp. 210- 215 ,(1995)
Gregory Piatetsky-Shapiro, Usama M. Fayyad, Padhraic Smyth, From data mining to knowledge discovery: an overview knowledge discovery and data mining. pp. 1- 34 ,(1996)
Heikki Mannila, A. Inkeri Verkamo, Ramakrishnan Srikant, Hannu Toivonen, Rakesh Agrawal, Fast discovery of association rules knowledge discovery and data mining. pp. 307- 328 ,(1996)
Gordon Linoff, Michael J. Berry, Data Mining Techniques: For Marketing, Sales, and Customer Support ,(1997)
Sergey Brin, Rajeev Motwani, Jeffrey D. Ullman, Shalom Tsur, Dynamic itemset counting and implication rules for market basket data international conference on management of data. ,vol. 26, pp. 255- 264 ,(1997) , 10.1145/253260.253325
Isidore Rigoutsos, Aris Floratos, Motif discovery without alignment or enumeration (extended abstract) research in computational molecular biology. pp. 221- 227 ,(1998) , 10.1145/279069.279118
Joseph P. Bigus, Data mining with neural networks ,(1996)
Pierre Michaud, Condorcet — a man of the avant‐garde Applied Stochastic Models and Data Analysis. ,vol. 3, pp. 173- 189 ,(1987) , 10.1002/ASM.3150030305
Kui W. Mok, Salvatore J. Stolfo, Wenke Lee, Mining audit data to build intrusion detection models knowledge discovery and data mining. pp. 66- 72 ,(1998) , 10.7916/D8FX7H6X
R. Agrawal, R. Srikant, Mining sequential patterns international conference on data engineering. pp. 3- 14 ,(1995) , 10.1109/ICDE.1995.380415