Intrusion detection based on data mining

Abstract

Traditional computer misuse detection techniques can identify known attacks efficiently, but perform very poorly in other cases. Anomaly detection has the potential to detect unknown attacks. However, it is a very challenging task, since it aims to detect unknown attacks without any a priori knowledge about specific intrusions. This technology is still at an early stage. Existing research in this area focuses either on user activity (macro-level) or on program operation (micro-level), but not on both simultaneously. In this paper, an attempt to look at both concurrently is presented. Based on an intrusion detection framework (Lee, 2001), we implemented a user anomaly detection system and conducted several intrusion detection experiments by analysing macro-level and micro-level activities. User behaviour modelling is based on data mining, where frequent episode algorithms are used to build the user's normal profiles. The experimental results have shown that the system can detect anomalies and changes in the user's normal working patterns effectively.

Cite

Hoang, X. D., Hu, J., & Bertok, P. (2003). Intrusion detection based on data mining. In ICEIS 2003 - Proceedings of the 5th International Conference on Enterprise Information Systems (Vol. 3, pp. 341–346). Escola Superior de Tecnologia do Instituto Politecnico de Setubal. https://doi.org/10.1007/978-3-540-37275-2_90
