Data Mining for Intrusion Detection: from Outliers to True Intrusions

Goverdhan Singh (1), Florent Masseglia (1), Céline Fiot (1), Alice Marascu (1), Pascal Poncelet (2)
(1) AxIS - Usage-centered design, analysis and improvement of information systems
CRISAM - Inria Sophia Antipolis - Méditerranée, Inria Paris-Rocquencourt
(2) TATOO - Environmental data mining
LIRMM - Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier
Abstract: Data mining for intrusion detection can be divided into several subtopics, among which unsupervised clustering has controversial properties. Unsupervised clustering for intrusion detection aims to i) group behaviours together depending on their similarity and ii) detect groups containing only one (or very few) behaviours. Such isolated behaviours are then considered as deviating from a model of normality and are therefore considered malicious. Obviously, not all atypical behaviours are attacks or intrusion attempts. This is the limit of unsupervised clustering for intrusion detection. In this paper, we consider adding a new feature to such isolated behaviours before they can be considered malicious. This feature is based on their possible repetition from one information system to another. We propose a new outlier mining principle and validate it through a set of experiments.
Document type: Conference paper
Thanaruk Theeramunkong and Boonserm Kijsirikul and Nick Cercone and Tu-Bao Ho. The 13th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD-09), Apr 2009, Bangkok, Thailand. Springer, 5476, pp.891-898, 2009, Lecture Notes in Computer Science. 〈10.1007/978-3-642-01307-2_93〉
https://hal.inria.fr/inria-00359206
Contributor: Florent Masseglia
Submitted on: Wednesday, October 28, 2009 - 12:24:21
Last modified on: Wednesday, November 21, 2018 - 19:48:04
Document(s) archived on: Saturday, November 26, 2016 - 13:31:21

File

442.pdf
Files produced by the author(s)

Citation

Goverdhan Singh, Florent Masseglia, Céline Fiot, Alice Marascu, Pascal Poncelet. Data Mining for Intrusion Detection: from Outliers to True Intrusions. Thanaruk Theeramunkong and Boonserm Kijsirikul and Nick Cercone and Tu-Bao Ho. The 13th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD-09), Apr 2009, Bangkok, Thailand. Springer, 5476, pp.891-898, 2009, Lecture Notes in Computer Science. 〈10.1007/978-3-642-01307-2_93〉. 〈inria-00359206v2〉

Metrics

Record views: 399

File downloads: 343