Adaptive Model Generation for Intrusion Detection Systems
Eleazar Eskin; Matthew Miller; Zhi-Da Zhong; George Yi; Wei-Ang Lee; Salvatore Stolfo
- Computer Science
- Presented at Workshop on Intrusion Detection Systems ("WIDS"), 7th ACM Conference on Computer and Communications Security, 1 November 2000, Athens, Greece.
- In this paper, we present adaptive model generation, a method for automatically building detection models for data-mining-based intrusion detection systems. Using the same data collected by intrusion detection sensors, adaptive model generation builds detection models on the fly. This significantly reduces the deployment cost of an intrusion detection system because it does not require building a training set. We present a real-time system architecture and an efficient implementation of automatic model generation. The system uses a model-building algorithm that builds anomaly detection models over noisy data. We evaluate the system using the DARPA Intrusion Detection Evaluation data and show an increase in detection performance as more data is collected by the sensors.
- Computer science