ADAM: a testbed for exploring the use of data mining in intrusion detection
Source: ACM SIGMOD Record
Volume 30, Issue 4 (December 2001)
Special Issue: Special section on data mining for intrusion detection and threat analysis
Pages: 15-24
Year of Publication: 2001
ISSN: 0163-5808
Authors
Daniel Barbará  George Mason University, Fairfax, VA
Julia Couto  George Mason University, Fairfax, VA
Sushil Jajodia  George Mason University, Fairfax, VA
Ningning Wu  University of Arkansas at Little Rock, Little Rock, AR
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 82,   Citation Count: 8
DOI: http://doi.acm.org/10.1145/604264.604268

ABSTRACT

Intrusion detection systems have traditionally been based on the characterization of an attack and the tracking of the activity on the system to see if it matches that characterization. Recently, new intrusion detection systems based on data mining are making their appearance in the field. This paper describes the design and experiences with the ADAM (Audit Data Analysis and Mining) system, which we use as a testbed to study how useful data mining techniques can be in intrusion detection.


