ADMIT: anomaly-based data mining for intrusions
Source: International Conference on Knowledge Discovery and Data Mining
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Edmonton, Alberta, Canada
SESSION: Industry track papers
Pages: 386 - 395
Year of Publication: 2002
ISBN: 1-58113-567-X
Authors
Karlton Sequeira  Rensselaer Polytechnic Institute, Troy, New York
Mohammed Zaki  Rensselaer Polytechnic Institute, Troy, New York
Sponsors
SIGKDD: ACM Special Interest Group on Knowledge Discovery in Data
SIGMOD: ACM Special Interest Group on Management of Data
AAAI
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/775047.775103

ABSTRACT

Security of computer systems is essential to their acceptance and utility. Computer security analysts use intrusion detection systems to assist them in maintaining computer system security. This paper deals with the problem of differentiating between masqueraders and the true user of a computer terminal. Prior efficient solutions are less suited to real time application, often requiring all training data to be labeled, and do not inherently provide an intuitive idea of what the data model means. Our system, called ADMIT, relaxes these constraints, by creating user profiles using semi-incremental techniques. It is a real-time intrusion detection system with host-based data collection and processing. Our method also suggests ideas for dealing with concept drift and affords a detection rate as high as 80.3% and a false positive rate as low as 15.3%.


