STUDY SPACE
A Data Mining Framework for Building Intrusion Detection Models

A Data Mining Framework for Building Intrusion Detection Models

| Wenke Lee, Salvatore J. Stolfo, Kui W. Mok
This paper presents a data mining framework for building Intrusion Detection Systems (IDS) that can adapt to new attack methods and computing environments. The framework leverages auditing programs to extract features from network connections or host sessions and applies data mining techniques to learn rules that accurately capture intrusion and normal activities. These rules are used for misuse detection and anomaly detection. The framework incorporates new detection models through meta-learning, which combines evidence from multiple models to produce a meta-detection model. The authors discuss the strengths of their data mining programs, including classification, meta-learning, association rules, and frequent episodes. They report results from applying these programs to network audit data from the 1998 DARPA Intrusion Detection Evaluation Program, demonstrating the effectiveness of their approach in building accurate and adaptable IDS models. The paper also explores related work and outlines future research directions, including network anomaly detection and real-time IDS modules.This paper presents a data mining framework for building Intrusion Detection Systems (IDS) that can adapt to new attack methods and computing environments. The framework leverages auditing programs to extract features from network connections or host sessions and applies data mining techniques to learn rules that accurately capture intrusion and normal activities. These rules are used for misuse detection and anomaly detection. The framework incorporates new detection models through meta-learning, which combines evidence from multiple models to produce a meta-detection model. The authors discuss the strengths of their data mining programs, including classification, meta-learning, association rules, and frequent episodes. They report results from applying these programs to network audit data from the 1998 DARPA Intrusion Detection Evaluation Program, demonstrating the effectiveness of their approach in building accurate and adaptable IDS models. The paper also explores related work and outlines future research directions, including network anomaly detection and real-time IDS modules.
Terms of Service
Privacy Policy
Reach us at info@study.space