
Intrusion Detection Using Knowledge Discovery Method


Affiliations
1 Department of Computer Science & Engineering, Bapatla Engineering College, Bapatla, Andhra Pradesh, India
     




Abstract Views: 264

PDF Views: 2





Authors

K. Madhusudhana Rao
Department of Computer Science & Engineering, Bapatla Engineering College, Bapatla, Andhra Pradesh, India
G. Ramesh Babu
Department of Computer Science & Engineering, Bapatla Engineering College, Bapatla, Andhra Pradesh, India
Shaik Nazeer
Department of Computer Science & Engineering, Bapatla Engineering College, Bapatla, Andhra Pradesh, India

Abstract


In this paper, we focus on issues related to deploying a data mining-based IDS in a real-time environment. We describe our approaches to address three types of issues: accuracy, efficiency, and usability. To improve accuracy, data mining programs are used to analyze audit data and extract features that can distinguish normal activities from intrusions; we use artificial anomalies along with normal and/or intrusion data to produce more effective misuse and anomaly detection models. To improve efficiency, the computational costs of features are analyzed and a multiple-model cost-based approach is used to produce detection models with low cost and high accuracy. We also present a distributed architecture for evaluating cost-sensitive models in real time. To improve usability, adaptive learning algorithms are used to facilitate model construction and incremental updates; unsupervised anomaly detection algorithms are used to reduce the reliance on labeled data. We also present an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. This architecture also improves the efficiency and scalability of the IDS.