Collaborative Outlier Mining for Intrusion Detection

Goverdhan Singh 1, Florent Masseglia 1, Céline Fiot 1, Alice Marascu 1, Pascal Poncelet 2
1 AxIS - Usage-centered design, analysis and improvement of information systems
CRISAM - Inria Sophia Antipolis - Méditerranée, Inria Paris-Rocquencourt
2 TATOO - Fouille de données environnementales
LIRMM - Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier
Abstract: Intrusion detection is an important topic in the security of information systems. The most successful Intrusion Detection Systems (IDS) rely on signature detection and need to update their signatures as fast as new attacks emerge. Anomaly detection may be used for this purpose instead, but it suffers from a high number of false alarms: any behaviour that is significantly different from the usual ones will be considered dangerous by an anomaly-based IDS. Isolating true intrusions in a set of alarms is therefore a very challenging task for anomaly-based intrusion detection. In this paper, we propose adding a new feature to such isolated behaviours before they can be considered malicious. This feature is based on their possible repetition from one information system to another. We propose a new outlier mining principle and validate it through a set of experiments.
Document type:
Conference paper
EGC'09 : Extraction et Gestion des Connaissances, Jan 2009, Strasbourg, France. pp.313-323, 2009, 〈https://lsiit.u-strasbg.fr/egc09/index.php/Accueil〉

https://hal-lirmm.ccsd.cnrs.fr/lirmm-00345574
Contributor: Pascal Poncelet
Submitted on: Tuesday, 9 December 2008 - 13:18:51
Last modified on: Friday, 25 May 2018 - 12:02:04

Identifiers

  • HAL Id: lirmm-00345574, version 1

Citation

Goverdhan Singh, Florent Masseglia, Céline Fiot, Alice Marascu, Pascal Poncelet. Collaborative Outlier Mining for Intrusion Detection. EGC'09 : Extraction et Gestion des Connaissances, Jan 2009, Strasbourg, France. pp.313-323, 2009, 〈https://lsiit.u-strasbg.fr/egc09/index.php/Accueil〉. 〈lirmm-00345574〉
