Article, Jan 20, 2003, Green OA
A data mining framework for building intrusion detection models
Indexed in: Crossref, DataCite
Abstract
There is often the need to update an installed intrusion detection system (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert knowledge, changes to IDSs are expensive and slow. We describe a data mining framework for adaptively building Intrusion Detection (ID) models. The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities. These rules can then be used for misuse detection and anomaly detection. New detection models are…
Citation impact
- Total citations: 1,160
- FWCI: 65.08
- Percentile: 100%
- References: 93
Authors: 3
Topics & keywords
Topics
Keywords
- Intrusion detection system
- Computer science
- Anomaly detection
- Anomaly-based intrusion detection system
- Data mining
- Session (web analytics)
- Process (computing)
- Audit