Mining Common Outliers for Intrusion Detection
Author: | Alice Marascu, Goverdhan Singh, Pascal Poncelet, Florent Masseglia, Céline Fiot |
---|---|
Contributors: | Usage-centered design, analysis and improvement of information systems (AxIS), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria), Scientific Data Management (ZENITH), Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM), Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Fouille de données environnementales (TATOO), Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM), Fabrice Guillet, Gilbert Ritschard, Djamel Abdelkader Zighed, Henri Briand, Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Inria Sophia Antipolis - Méditerranée (CRISAM), Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS) |
Language: | English |
Year of publication: | 2010 |
Subject: |
[INFO.INFO-DB]Computer Science [cs]/Databases [cs.DB]
Anomaly-based intrusion detection system; Data stream mining; Pattern recognition; 02 engineering and technology; Intrusion detection system; Anomalies; Intrusion Detection; Set (abstract data type); Geography; Similarity (network science); Feature (computer vision); Data Streams; 020204 information systems; Outlier; 0202 electrical engineering, electronic engineering, information engineering; Outliers; 020201 artificial intelligence & image processing; Anomaly detection; Artificial intelligence; Data mining |
Source: | Advances in Knowledge Discovery and Management Fabrice Guillet; Gilbert Ritschard; Djamel Abdelkader Zighed; Henri Briand. Advances in Knowledge Discovery and Management, 292, Springer, pp.217-234, 2010, Studies in Computational Intelligence, 978-3-642-00579-4. ⟨10.1007/978-3-642-00580-0_13⟩ Advances in Knowledge Discovery and Management ISBN: 9783642005794 EGC (best of volume) |
DOI: | 10.1007/978-3-642-00580-0_13 |
Description: | International audience; Data mining for intrusion detection can be divided into several sub-topics, among which unsupervised clustering (which has controversial properties). Unsupervised clustering for intrusion detection aims to i) group behaviours together depending on their similarity and ii) detect groups containing only one (or very few) behaviour(s). Such isolated behaviours seem to deviate from the model of normality; therefore, they are considered as malicious. Obviously, not all atypical behaviours are attacks or intrusion attempts. This represents one drawback of intrusion detection methods based on clustering. We take into account the addition of a new feature to isolated behaviours before they are considered malicious. This feature is based on the possible repeated occurrences of the behaviour on many information systems. Based on this feature, we propose a new outlier mining method which we validate through a set of experiments. |
Database: | OpenAIRE |
External link: |