Data Mining and Knowledge Engineering

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

A Systematic Framework for Analyzing Audit Data and Constructing Network ID Models


Affiliations
1 PRIST University, India
2 Department of Computer Applications, Adhiparasakthi College of Engineering, India
     

   Subscribe/Renew Journal


Intrusion detection system (IDSs) plays a vital role in the infrastructure protection mechanisms and these systems have to be accurate, adaptive and extensible. As the requirements and the complexities of today‟s network environment is becoming more and more, we need a more adaptive framework and automated IDS development process. This article describes a systematic data mining framework for constructing intrusion detection models. We propose to use the association rules and frequent episodes collected from audit data and to use these as basis for guiding the audit data gathering and feature selection processes. Our experiments on DARPA training audit data of network transmission activities showed that classification models can detect intrusions automatically in a more accurate way. We modify the two basic algorithms to use axis attribute(s) and variable attribute(s) to compute the relevant patterns. We use meta-learning as a mechanism to make IDs models more effective and adaptive. We report our experiment‟s results in using our framework on real-world audit data.

Keywords

Intrusion Detection, Classification, Audit Data, Association Rules, Frequent Episodes.
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 238

PDF Views: 3




  • A Systematic Framework for Analyzing Audit Data and Constructing Network ID Models

Abstract Views: 238  |  PDF Views: 3

Authors

G. Mohammed Nazer
PRIST University, India
A. Arul Lawrence Selvakumar
Department of Computer Applications, Adhiparasakthi College of Engineering, India

Abstract


Intrusion detection system (IDSs) plays a vital role in the infrastructure protection mechanisms and these systems have to be accurate, adaptive and extensible. As the requirements and the complexities of today‟s network environment is becoming more and more, we need a more adaptive framework and automated IDS development process. This article describes a systematic data mining framework for constructing intrusion detection models. We propose to use the association rules and frequent episodes collected from audit data and to use these as basis for guiding the audit data gathering and feature selection processes. Our experiments on DARPA training audit data of network transmission activities showed that classification models can detect intrusions automatically in a more accurate way. We modify the two basic algorithms to use axis attribute(s) and variable attribute(s) to compute the relevant patterns. We use meta-learning as a mechanism to make IDs models more effective and adaptive. We report our experiment‟s results in using our framework on real-world audit data.

Keywords


Intrusion Detection, Classification, Audit Data, Association Rules, Frequent Episodes.