
A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions

Wenke Lee (7), Rahul A. Nimbalkar (7), Kam K. Yee (7), Sunil B. Patil (7), Pragneshkumar H. Desai (7), Thuan T. Tran (7) and Salvatore J. Stolfo (8)

(7) Department of Computer Science, North Carolina State University, Raleigh, NC 27695, USA
(8) Department of Computer Science, Columbia University, New York, NY 10027, USA
Abstract
As the recent distributed Denial-of-Service (DDOS) attacks on several major Internet sites have shown us, no open computer network is immune from intrusions. Furthermore, intrusion detection systems (IDSs) need to be updated promptly whenever a novel intrusion surfaces, and geographically distributed IDSs need to cooperate to detect distributed and coordinated intrusions. In this paper, we describe an experimental system, based on the Common Intrusion Detection Framework (CIDF), in which multiple IDSs can exchange attack information to detect distributed intrusions. The system also includes an ID model builder, where a data mining engine can receive audit data of a novel attack from an IDS, compute a new detection model, and then distribute it to other IDSs. We describe our experiences in implementing such a system and the preliminary results of deploying the system in an experimental network.

Contact: Wenke Lee
Email: wenke@csc.ncsu.edu
URL: http://www.csc.ncsu.edu/faculty/lee

Contact: Salvatore J. Stolfo
Email: sal@cs.columbia.edu