Mining Audit Data to Build Intrusion Detection Models

Wenke Lee; Salvatore Stolfo; Kui W. Mok

Title:
Mining Audit Data to Build Intrusion Detection Models
Author(s):
Lee, Wenke
Stolfo, Salvatore
Mok, Kui W.
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Notes:
Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining (Menlo Park, Calif.: AAAI Press, 1998).
Abstract:
In this paper we discuss a data mining framework for constructing intrusion detection models. The key ideas are to mine system audit data for consistent and useful patterns of program and user behavior, and to use the set of relevant system features presented in the patterns to compute (inductively learned) classifiers that can recognize anomalies and known intrusions. Our past experiments showed that classifiers can be used to detect intrusions, provided that sufficient audit data is available for training and the right set of system features is selected. We propose to use the association rules and frequent episodes computed from audit data as the basis for guiding the audit data gathering and feature selection processes. We modify these two basic algorithms to use axis attribute(s) as a form of item constraints to compute only the relevant ("useful") patterns, and an iterative level-wise approximate mining procedure to uncover the low frequency (but important) patterns. We report our experiments in using these algorithms on real-world audit data.
Subject(s):
Computer science
