2000 Articles

Adaptive Model Generation for Intrusion Detection Systems

Eskin, Eleazar; Miller, Matthew; Zhong, Zhi-Da; Yi, George; Lee, Wei-Ang; Stolfo, Salvatore

In this paper, we present adaptive model generation, a method for automatically building detection models for data-mining based intrusion detection systems. Using the same data collected by intrusion detection sensors, adaptive model generation builds detection models on the fly. This significantly reduces the deployment cost of an intrusion detection system because it does not require building a training set. We present a real time system architecture and efficient implementation of automatic model generation. The system uses a model building algorithm that builds anomaly detection models over noisy data. We evaluate the system using the DARPA Intrusion Detection Evaluation data and show an increase in detection performance as more data is collected by the sensors.