A real-time Network Intrusion Detection System based on incremental mining approach

Citations: 1
Authors
Su, Ming-Yang [1]
Chang, Kai-Chi [2]
Wei, Hua-Fu [1]
Lin, Chun-Yuen [1]
Affiliations
[1] Ming Chuan Univ, Dept Comp Sci & Informat Engn, Tao Yuan, Taiwan
[2] Ming Chuan Univ, Taipei, Taiwan
Source
ISI 2008: 2008 IEEE INTERNATIONAL CONFERENCE ON INTELLIGENCE AND SECURITY INFORMATICS | 2008
Keywords
network security; real-time NIDS; anomaly-based NIDS; association rules; fuzzy association rules; online mining; incremental mining;
DOI
10.1109/ISI.2008.4565050
Chinese Library Classification
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
The fuzzy association rule has been proven effective to present users' network behavior offline from a huge amount of collected packets. However, for Network Intrusion Detection Systems (NIDSs), efficiency is as important as effectiveness. None of the proposed NIDSs based on fuzzy association rules can meet the real-time requirement, because they all apply a static mining approach. In this paper, we propose a real-time NIDS that uses incremental mining for fuzzy association rules. By consistently comparing two rule sets, one mined from online packets and the other mined from attack-free training packets, our system can make a decision per time unit, which is 2 seconds in the paper. Experiments have been done to demonstrate the excellent effectiveness and efficiency of the system.
Pages: 179 / +
Page count: 2