Home

Automated Intrusion Detection Methods Using NFR

Wenke Lee; Christopher T. Park; Salvatore Stolfo

Title:
Automated Intrusion Detection Methods Using NFR
Author(s):
Lee, Wenke; Park, Christopher T.; Stolfo, Salvatore
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Notes:
Proceedings of the Workshop on Intrusion Detection and Network Monitoring (ID '99): April 9-12, 1999, Santa Clara, California (Berkeley, Calif.: USENIX Association, 1999).
Abstract:
There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert security knowledge, changes to IDSs are expensive and require a large amount of programming and debugging. We describe a data mining framework for adaptively building Intrusion Detection (ID) models specifically for use with Network Flight Recorder (NFR). The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities. These rules can be used for misuse detection and anomaly detection. Detection models are then incorporated into NFR through a machine translator, which produces a working detection model in the form of N-Code, NFR's powerful filtering language.
Subject(s):
Computer science
Item views:
298
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use