Applicability of clustering to cyber intrusion detection

Author: Gilbert Hendry

DOI:

Keywords:

Abstract: Maintaining cyber security is a complex task, utilizing many levels of network information along with an array of technology. Current practices for combating attacks typically use Intrusion Detection Systems (IDSs) to passively detect and block multi-stage attacks. Because of the speed and force with which new types of attack can occur, automated detection and response is becoming an apparent necessity. Anomaly-based systems, such as statistical-based or clustering algorithms, attempt to address this by analyzing relative differences in host activity. Signature-based IDS systems are more accurate for known attacks, but require the time and resources of an analyst to update the signature database. This work hypothesizes that the latency from zero-day to signature creation can be shortened via anomaly-based algorithms. In particular, the summarizing ability of clustering is leveraged and examined for its applicability to signature creation. The work first investigates a modified density-based clustering algorithm for IDS, and its strengths and weaknesses are identified. Being able to separate malicious from normal activity, the algorithm is then applied in a supervised way. Lessons learned from its development are applied to unsupervised real-time classification. Automating classification turns out to be satisfactory, with limitations: density-supported signatures can become diluted and lead to misclassification.
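The following is an added illustration of the approach the abstract describes, not code from the thesis: a small density-based clustering pass (DBSCAN-style) over constructed host-activity records separates a dense block of normal activity from a dense block of scan-like activity and leaves an isolated record as noise; a cluster is then summarized into a centroid-plus-radius "signature", and the dilution failure mode is reproduced by folding benign records into the malicious cluster, which widens the signature until it matches normal traffic. The feature choice (connections per minute, distinct destination ports, average KB per connection), the sample values and the eps/min_pts settings are all assumptions made for this example.

```python
"""Added example (not from the thesis): density-based clustering of host
activity, cluster-derived signatures, and signature dilution."""
import math

# Constructed sample records: (connections/min, distinct dst ports, avg KB/conn).
NORMAL = [(5, 3, 12), (6, 3, 11), (5, 4, 13), (7, 3, 12), (6, 2, 12), (5, 3, 14)]
SCAN = [(120, 95, 1), (130, 110, 1), (125, 100, 1)]   # scan-like: many ports, tiny flows
ODD = [(60, 5, 400)]                                   # one large transfer with no neighbours
RECORDS = NORMAL + SCAN + ODD


def make_scaler(records):
    """Min-max scale each feature to [0, 1] so no single feature dominates distance."""
    cols = list(zip(*records))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]

    def scale(r):
        return tuple((v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi))
    return scale


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def dbscan(points, eps, min_pts):
    """Return one label per point: a cluster id (0, 1, ...) or -1 for noise."""
    labels = [None] * len(points)
    cid = 0

    def neighbours(i):
        return [j for j in range(len(points)) if dist(points[i], points[j]) <= eps]

    for i in range(len(points)):
        if labels[i] is not None:
            continue
        nb = neighbours(i)
        if len(nb) < min_pts:          # not a core point (may be relabelled as border later)
            labels[i] = -1
            continue
        labels[i] = cid
        queue = [j for j in nb if j != i]
        while queue:                   # grow the cluster through density-reachable points
            j = queue.pop()
            if labels[j] == -1:        # previously noise, now reachable: border point
                labels[j] = cid
            if labels[j] is not None:
                continue
            labels[j] = cid
            nbj = neighbours(j)
            if len(nbj) >= min_pts:
                queue.extend(k for k in nbj if labels[k] is None)
        cid += 1
    return labels


def signature(points):
    """Summarize a cluster as (centroid, radius) where radius covers every member."""
    centroid = tuple(sum(c) / len(c) for c in zip(*points))
    radius = max(dist(p, centroid) for p in points)
    return centroid, radius


def matches(sig, p):
    centroid, radius = sig
    return dist(p, centroid) <= radius


def demo():
    scale = make_scaler(RECORDS)
    pts = [scale(r) for r in RECORDS]
    labels = dbscan(pts, eps=0.2, min_pts=3)
    normal_cluster = [p for p, l in zip(pts, labels) if l == 0]
    scan_cluster = [p for p, l in zip(pts, labels) if l == 1]
    scan_sig = signature(scan_cluster)
    # Dilution: two benign records wrongly folded into the scan cluster.
    diluted_sig = signature(scan_cluster + normal_cluster[:2])
    scan_probe = scale((122, 98, 1))      # new scan-like record
    normal_probe = scale((6, 3, 13))      # new benign record
    return {
        "labels": labels,
        "scan_sig_hits_scan": matches(scan_sig, scan_probe),
        "scan_sig_hits_normal": matches(scan_sig, normal_probe),
        "diluted_sig_hits_normal": matches(diluted_sig, normal_probe),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The tight signature built from the pure scan cluster matches a new scan-like record and rejects a benign one; after two benign records are absorbed, the radius grows enough that the same benign probe is classified as malicious, which is the misclassification the abstract attributes to diluted density-supported signatures.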
