ABSTRACT
In many situations, collecting data from distributed hosts so that it can later be used to generate an intrusion detection profile is not technically feasible (e.g., because of data size or network security transfer protocols). This is especially evident for data-intensive profile generation (e.g., inducing profiles via data mining techniques). An alternative is to build a network profile by applying distributed data analysis methods (e.g., agent-based computing). Such an approach is described in this paper. Global profiles are built using a distributed data mining approach that integrates inductive generalization and agent-based computing. Classification rules, learned via tree induction from the distributed data, serve as intrusion profiles. Agents collaboratively generate partial trees and communicate their intermediate results to one another as indices into the data records, and the process terminates when a final tree has been induced. This communication mechanism involves no transfer of the data itself, and a compression scheme further reduces the bandwidth consumed by the index transfers.
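The index-based exchange the abstract describes, as an added illustration that is not the paper's own code: two simulated agents hold different attributes of the same connection records (a vertical partition, which is an assumption), each scores candidate splits locally, and only the winning split plus a run-length-encoded set of record indices crosses between them. The records, host names and attribute names are constructed for the example.

```python
from collections import Counter
from math import log2

# Constructed sample (assumption): 8 records share one id space; every agent knows the labels,
# but each host holds only its own attributes, so the records themselves never move.
LABELS = ["attack", "attack", "normal", "normal", "attack", "normal", "normal", "attack"]
AGENTS = {"hostA": {"failed_logins": [6, 5, 0, 1, 7, 0, 2, 1]},
          "hostB": {"bytes_out": [900, 850, 100, 120, 950, 80, 130, 880]}}

def entropy(idx):
    return -sum(c / len(idx) * log2(c / len(idx)) for c in Counter(LABELS[i] for i in idx).values())
def best_local_split(agent, idx):
    """Agent side: score thresholds on this host's attributes; only (gain, attr, t, left) leaves."""
    best, base = (0.0, None, None, None), entropy(idx)
    for attr, vals in AGENTS[agent].items():
        for t in sorted({vals[i] for i in idx}):
            left = [i for i in idx if vals[i] <= t]
            right = [i for i in idx if vals[i] > t]
            if left and right:
                gain = base - (len(left) * entropy(left) + len(right) * entropy(right)) / len(idx)
                if gain > best[0]:
                    best = (gain, attr, t, left)
    return best
def rle_encode(idx, n):
    """Index set -> run lengths of its membership bitmap: the compressed message."""
    members, runs, cur, count = set(idx), [], 0, 0
    for bit in (1 if i in members else 0 for i in range(n)):
        if bit == cur:
            count += 1
        else:
            runs.append(count)
            cur, count = bit, 1
    return runs + [count]
def rle_decode(runs):
    idx, pos = [], 0
    for k, r in enumerate(runs):          # runs alternate 0-bits, 1-bits, 0-bits, ...
        if k % 2:
            idx.extend(range(pos, pos + r))
        pos += r
    return idx
def induce(idx):
    """Coordinator: pick the best offer across agents, grow the tree from the winner's RLE-coded left branch."""
    if entropy(idx) == 0:
        return LABELS[idx[0]]
    offers = {a: best_local_split(a, idx) for a in AGENTS}
    winner = max(offers, key=lambda a: offers[a][0])
    _, attr, t, left = offers[winner]
    if attr is None:                       # nothing separates these records: majority leaf
        return Counter(LABELS[i] for i in idx).most_common(1)[0][0]
    left = rle_decode(rle_encode(left, len(LABELS)))   # what actually crosses the network
    right = [i for i in idx if i not in left]
    return (winner, attr, t, induce(left), induce(right))
```

Calling `induce(list(range(8)))` on the sample grows a one-split tree on hostB's `bytes_out` attribute; the only messages needed were each host's best split score and the five-integer run-length message `[2, 2, 1, 2, 1]` standing in for the left-branch records.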
Index Terms: Application of a distributed data mining approach to network intrusion detection