Adaptive Model Generation for Intrusion Detection Systems

Eleazar Eskin; Matthew Miller; Zhi-Da Zhong; George Yi; Wei-Ang Lee; Salvatore Stolfo

Computer Science
Presented at Workshop on Intrusion Detection Systems ("WIDS"), 7th ACM Conference on Computer and Communications Security, 1 November 2000, Athens, Greece.
In this paper, we present adaptive model generation, a method for automatically building detection models for data-mining based intrusion detection systems. Using the same data collected by intrusion detection sensors, adaptive model generation builds detection models on the fly. This significantly reduces the deployment cost of an intrusion detection system because it does not require building a training set. We present a real time system architecture and efficient implementation of automatic model generation. The system uses a model building algorithm that builds anomaly detection models over noisy data. We evaluate the system using the DARPA Intrusion Detection Evaluation data and show an increase in detection performance as more data is collected by the sensors.
Computer science
Suggested Citation:
Eleazar Eskin, Matthew Miller, Zhi-Da Zhong, George Yi, Wei-Ang Lee, Salvatore Stolfo, 2000, Adaptive Model Generation for Intrusion Detection Systems, Columbia University Academic Commons, http://hdl.handle.net/10022/AC:P:8725.
