
Weighted Nebulous Matching over Frequent Episode Rules Using Internet Anomaly Detection


Affiliations
1 Department of CSE, A.V.C. College of Engineering, India
     



A new Internet traffic data mining technique is presented for generating frequent episode rules (FER) [1]. An adaptive base-support threshold is applied to different axis attributes in these rules. We use the rules to build anomaly-based network intrusion detection systems (NIDS) [2]. The episode rules detect anomalous sequences of TCP [3], UDP [4], or ICMP [5] connections. Three new pruning techniques are devised to reduce the rule search space by 70% in our benchmark experiments. Testing our scheme over real-life Internet trace data collected at USC mixed with 10 days of MIT/LL attack data, we encountered 20 or fewer false alarms over 200 network attacks. We detect 47% of all unknown network attacks. These results show a 51% improvement over the NIDS built exclusively with association rules.

Keywords

Network Security, Intrusion Detection Systems, Anomaly Detection, Internet Traffic Analysis, Frequent Episode Rules, False Alarms and Adaptive Data Mining.

Authors

B. Muthulakshmi
Department of CSE, A.V.C. College of Engineering, India
