Data mining model and algorithm in IDS

Cited by: 0
Authors
Huang, TS [1]
Xiong, P [1]
Zhu, TQ [1]
Affiliation
[1] Wuhan Univ, Sch Electron & Informat, Wuhan 430072, Peoples R China
Source
APOC 2003: ASIA-PACIFIC OPTICAL AND WIRELESS COMMUNICATIONS; NETWORK ARCHITECTURES, MANAGEMENT, AND APPLICATIONS, PTS 1 AND 2 | 2003 / Vol. 5282
Keywords
Intrusion Detection System; data mining; decision tree;
DOI
10.1117/12.517378
Chinese Library Classification number
O43 [Optics];
Discipline classification code
070207 ; 0803 ;
Abstract
In this paper, data mining technologies are used to analyze and extract features that can distinguish normal activities from intrusions. Based on the common model CIDF, we present an IDS framework with an embedded data mining module to improve the accuracy of IDS. Three subsystems (including monitor system, data process system and decision-making system) in the framework are introduced respectively. Using experiments on mining network connection features, we present a decision-tree classification algorithm, which uses a data set of network connection features as the training data set to build a decision tree. Using system behaviors as new samples and testing their attributes on the decision tree can recognize anomalies and unknown intrusions accurately.
Pages: 570-576
Number of pages: 7