
TOWARDS DATA MINING TEMPORAL PATTERNS FOR ANOMALY INTRUSION DETECTION SYSTEMS
Author(s) - Sam Sengupta, Bruno Andriamanalimanana, Stuart W. Card, Pradnya Kadam, Saket Ranwadkar, Kaustav Das, Sagar V. Parikh
Publication year - 2014
Publication title - computing
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.184
H-Index - 11
eISSN - 2312-5381
pISSN - 1727-6209
DOI - 10.47839/ijc.2.2.205
Subject(s) - intrusion detection system , computer science , anomaly detection , data mining , anomaly based intrusion detection system , a priori and a posteriori , data stream mining , warning system , state (computer science) , computer security , artificial intelligence , algorithm , operating system , telecommunications
A reasonably lightweight, host- and network-centric network IDS architecture model is proposed. The model is anomaly-based, built on a state-driven notion of "anomaly": the relevant distribution function need not remain constant, but may migrate from state to state without any a priori warning, so long as its residency time in the next steady state is long enough for valid observations to be made there. Only those intrusion events (essentially the DoS and DDoS variety) capable of triggering anomalous streams of attacks and responses near and/or far from the target monitoring point(s) are considered at the first level of detection. At the next level, the filtered states can be fine-combed in batch mode to mine unacceptable strings of commands or known attack signatures.
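The two-level scheme the abstract describes, written out as an added example that is not code from the paper or its authors. It assumes a single monitoring point that reports a per-interval count (connections per second), a deviation test against the current steady state, a residency test (eight consecutive deviant intervals with a coefficient of variation under 0.25) for accepting a migrated distribution, and plain substring signatures for the batch pass; all of those parameters, the sample counts and the request strings are constructed for illustration.

```python
"""State-driven, two-level anomaly detection sketch (added example).

Level one judges each interval against the statistics of the current
steady state only. A deviation that persists long enough with stable
statistics is accepted as a new steady state (distribution migration)
rather than kept as an alarm. Level two re-examines the intervals that
level one flagged, in batch, against a signature list.
"""
from statistics import mean, pstdev


class StateDrivenDetector:
    """Level-one detector. All parameters are illustrative assumptions:
      warmup        samples needed before the first state is trusted
      k             deviation limit in units of the state's spread
      min_residency consecutive deviant samples required before they
                    are accepted as a new steady state
      stable_cv     max coefficient of variation those samples may show
      window        how many recent in-state samples define the state
    """

    def __init__(self, warmup=8, k=4.0, min_residency=8, stable_cv=0.25, window=50):
        self.warmup, self.k = warmup, k
        self.min_residency, self.stable_cv, self.window = min_residency, stable_cv, window
        self.state = []      # samples accepted as the current steady state
        self.candidate = []  # consecutive deviant samples (possible next state)
        self.flagged = []    # interval indices handed to level two
        self.t = -1

    def state_mean(self):
        return mean(self.state[-self.window:])

    def _limit(self):
        recent = self.state[-self.window:]
        mu = mean(recent)
        # Floor the spread so a very quiet state does not alarm on noise.
        spread = max(pstdev(recent), 0.05 * mu, 1.0)
        return mu, self.k * spread

    def observe(self, x):
        """Return one of: warmup, normal, anomaly, migrated."""
        self.t += 1
        if len(self.state) < self.warmup:
            self.state.append(x)
            return "warmup"
        mu, limit = self._limit()
        if abs(x - mu) <= limit:
            self.state.append(x)
            self.candidate = []  # deviation did not persist: it stays flagged
            return "normal"
        self.candidate.append(x)
        self.flagged.append(self.t)
        if len(self.candidate) >= self.min_residency:
            cv = pstdev(self.candidate) / max(mean(self.candidate), 1e-9)
            if cv <= self.stable_cv:
                # Long, stable residency: a new steady state, not an attack.
                n = len(self.candidate)
                self.state, self.candidate = list(self.candidate), []
                self.flagged = self.flagged[:-n]
                return "migrated"
        return "anomaly"


def level_two(flagged, commands_by_interval, signatures):
    """Batch pass: match the request strings recorded in flagged intervals
    against known attack signatures (plain substrings in this example)."""
    hits = []
    for t in sorted(flagged):
        cmds = commands_by_interval.get(t, [])
        for sig in signatures:
            if any(sig in c for c in cmds):
                hits.append((t, sig))
    return hits


# Constructed per-second connection counts at one monitoring point: a ~50/s
# steady state, a legitimate migration to ~120/s, a three-second flood at
# ~2500/s, then the ~120/s state again.
COUNTS = ([50, 52, 48, 51, 49, 50, 53, 47, 50, 51, 49, 52]
          + [118, 122, 119, 121, 120, 118, 123, 119, 121, 120, 119, 121, 120, 118]
          + [2400, 2600, 2500]
          + [120, 119, 121])

# Constructed request strings seen during some intervals (keyed by index).
COMMANDS = {
    26: ["GET /index.html", "GET /cgi-bin/test.cgi?x=;cat%20/etc/passwd"],
    27: ["GET /"] * 3,
    28: ["POST /login user=admin' OR '1'='1"],
}
SIGNATURES = ("/etc/passwd", ";cat", "' OR '1'='1")


def run_demo():
    det = StateDrivenDetector()
    verdicts = [det.observe(x) for x in COUNTS]
    return {"verdicts": verdicts, "flagged": list(det.flagged),
            "state_mean": round(det.state_mean(), 1),
            "hits": level_two(det.flagged, COMMANDS, SIGNATURES)}


if __name__ == "__main__":
    out = run_demo()
    for t, (x, v) in enumerate(zip(COUNTS, out["verdicts"])):
        print(f"t={t:2d} count={x:5d} {v}")
    print("flagged:", out["flagged"], "state mean:", out["state_mean"])
    print("level two hits:", out["hits"])
```

Run as a script, the shift to ~120/s is reported as anomalies for eight intervals and then as "migrated", after which those intervals are dropped from the flagged list; the three flood intervals stay flagged because they never satisfy the residency test, and the batch pass attributes signature hits to intervals 26 and 28 while interval 27 remains a volume-only (DoS-type) alarm. The caveat a practitioner should note is that the residency test is the only thing separating a sustained flood from a legitimate shift in load, so the residency requirement must be longer than any attack that has to be caught at level one, and level two must still examine everything flagged before a migration is accepted.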