Abstracting audit data for lightweight intrusion detection

Authors: Wei Wang, Xiangliang Zhang, Georgios Pitsilis

DOI: 10.1007/978-3-642-17714-9_15

Keywords:

Abstract: High speed of processing massive audit data is crucial for an anomaly Intrusion Detection System (IDS) to achieve real-time performance during detection. Abstracting the audit data is a potential solution to improve the efficiency of data processing. In this work, we propose two strategies of data abstraction in order to build a lightweight detection model. The first strategy is exemplar extraction and the second is attribute abstraction. Two clustering algorithms, Affinity Propagation (AP) as well as traditional k-means, are employed to extract exemplars, and Principal Component Analysis (PCA) is used to abstract important attributes (a.k.a. features) from the data. Real HTTP traffic collected in our institute as well as the KDD 1999 data are used to validate the two strategies. Extensive test results show that the process of exemplar extraction significantly improves detection efficiency and performs better than PCA.
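The two abstraction strategies the abstract describes can be shown end to end on a small constructed data set. The following is an added example, not code from the paper or its authors: it standardizes a handful of made-up per-request attributes, abstracts them with PCA (power iteration, pure Python so it runs offline), extracts exemplars from the normal traffic with k-means, and then flags a record as anomalous when its distance to the nearest exemplar exceeds a threshold learned from the training data. The attribute names, the sample values, the hypothetical `ExemplarDetector` class and the 1.5x threshold rule are all assumptions made for the illustration; AP is not implemented here.

```python
"""Added example (not the paper's code): exemplar extraction with k-means and
attribute abstraction with PCA on constructed audit records, followed by a
nearest-exemplar anomaly detector."""
import math
import random

# Constructed training records, one row per HTTP request. Attributes are
# [request length, number of query parameters, fraction of non-alphanumeric
# characters, number of path segments]. Values are made up for illustration.
NORMAL_TRAFFIC = [
    [120, 2, 0.05, 3], [135, 3, 0.06, 3], [98, 1, 0.04, 2], [110, 2, 0.05, 3],
    [140, 3, 0.07, 4], [105, 1, 0.04, 2], [128, 2, 0.06, 3], [115, 2, 0.05, 3],
    [300, 6, 0.08, 5], [320, 7, 0.09, 5], [290, 6, 0.08, 5], [310, 6, 0.09, 6],
]
# A constructed request that sits far from any normal cluster: very long,
# parameter-heavy and with an unusually high share of punctuation.
SUSPICIOUS = [900, 15, 0.45, 3]


def column_stats(rows):
    """Per-attribute mean and sample standard deviation (std of 0 becomes 1)."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[i] for r in rows) / n for i in range(d)]
    std = [math.sqrt(sum((r[i] - mean[i]) ** 2 for r in rows) / (n - 1)) or 1.0
           for i in range(d)]
    return mean, std


def standardize(row, mean, std):
    return [(x - m) / s for x, m, s in zip(row, mean, std)]


def covariance(rows):
    """Sample covariance matrix; rows are assumed to be zero-mean already."""
    n, d = len(rows), len(rows[0])
    cov = [[sum(r[i] * r[j] for r in rows) / (n - 1) for j in range(d)]
           for i in range(d)]
    return cov


def top_components(cov, k, iters=200):
    """Top-k principal directions via power iteration with deflation."""
    d = len(cov)
    m = [row[:] for row in cov]
    comps = []
    for _ in range(k):
        v = [1.0 / (i + 1) for i in range(d)]  # deterministic, non-uniform start
        for _ in range(iters):
            w = [sum(m[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w)) or 1.0
            v = [x / norm for x in w]
        lam = sum(v[i] * sum(m[i][j] * v[j] for j in range(d)) for i in range(d))
        comps.append(v)
        for i in range(d):  # deflate so the next iteration finds the next direction
            for j in range(d):
                m[i][j] -= lam * v[i] * v[j]
    return comps


def project(row, comps):
    return [sum(x * c for x, c in zip(row, comp)) for comp in comps]


def nearest(point, centers):
    """Index of, and Euclidean distance to, the closest center."""
    best = min(range(len(centers)),
               key=lambda i: sum((a - b) ** 2 for a, b in zip(point, centers[i])))
    dist = math.sqrt(sum((a - b) ** 2 for a, b in zip(point, centers[best])))
    return best, dist


def kmeans_exemplars(points, k, rounds=50, seed=0):
    """Lloyd's k-means; the final centroids serve as the exemplars."""
    rng = random.Random(seed)
    centers = [p[:] for p in rng.sample(points, k)]
    for _ in range(rounds):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centers)[0]].append(p)
        new_centers = [[sum(col) / len(g) for col in zip(*g)] if g else c
                       for g, c in zip(groups, centers)]
        if new_centers == centers:
            break
        centers = new_centers
    return centers


class ExemplarDetector:
    """Hypothetical lightweight detector: PCA-abstracted attributes plus
    k-means exemplars learned from normal traffic only."""

    def __init__(self, training, n_components=2, n_exemplars=2, seed=0):
        self.mean, self.std = column_stats(training)
        z = [standardize(r, self.mean, self.std) for r in training]
        self.components = top_components(covariance(z), n_components)
        projected = [project(r, self.components) for r in z]
        self.exemplars = kmeans_exemplars(projected, n_exemplars, seed=seed)
        # Assumed threshold rule: 1.5x the largest training distance to an exemplar.
        self.threshold = 1.5 * max(nearest(p, self.exemplars)[1] for p in projected)

    def score(self, record):
        p = project(standardize(record, self.mean, self.std), self.components)
        return nearest(p, self.exemplars)[1]

    def is_anomalous(self, record):
        return self.score(record) > self.threshold


if __name__ == "__main__":
    det = ExemplarDetector(NORMAL_TRAFFIC)
    print("exemplars:", det.exemplars)
    print("suspicious record anomalous:", det.is_anomalous(SUSPICIOUS))
```

Only the exemplars (two points in a two-dimensional abstracted space) have to be compared against each incoming record at detection time, which is the efficiency gain the abstract is after; the price is that the threshold and the exemplars are only as representative as the normal traffic they were learned from.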
