Mining Common Outliers for Intrusion Detection

Goverdhan Singh 1 Florent Masseglia 2 Céline Fiot 1 Alice Marascu 1 Pascal Poncelet 3
1 AxIS - Usage-centered design, analysis and improvement of information systems
CRISAM - Inria Sophia Antipolis - Méditerranée , Inria Paris-Rocquencourt
2 ZENITH - Scientific Data Management
LIRMM - Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier, CRISAM - Inria Sophia Antipolis - Méditerranée
3 TATOO - Fouille de données environnementales
LIRMM - Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier
Abstract : Data mining for intrusion detection can be divided into several sub-topics, among which unsupervised clustering (which has controversial properties). Unsupervised clustering for intrusion detection aims to i) group behaviours together depending on their similarity and ii) detect groups containing only one (or very few) behaviour(s). Such isolated behaviours seem to deviate from the model of normality; therefore, they are considered as malicious. Obviously, not all atypical behaviours are attacks or intrusion attempts. This represents one drawback of intrusion detection methods based on clustering.We take into account the addition of a new feature to isolated behaviours before they are considered malicious. This feature is based on the possible repeated occurrences of the bahaviour on many information systems. Based on this feature, we propose a new outlier mining method which we validate through a set of experiments.
Document type :
Book sections
Complete list of metadatas

Cited literature [32 references]  Display  Hide  Download

https://hal-lirmm.ccsd.cnrs.fr/lirmm-00798705
Contributor : Pascal Poncelet <>
Submitted on : Wednesday, March 20, 2019 - 3:37:11 PM
Last modification on : Wednesday, March 20, 2019 - 3:58:25 PM
Long-term archiving on : Friday, June 21, 2019 - 9:15:22 PM

File

CODakdm2010.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Goverdhan Singh, Florent Masseglia, Céline Fiot, Alice Marascu, Pascal Poncelet. Mining Common Outliers for Intrusion Detection. Fabrice Guillet; Gilbert Ritschard; Djamel Abdelkader Zighed; Henri Briand. Advances in Knowledge Discovery and Management, 292, Springer, pp.217-234, 2010, Studies in Computational Intelligence, 978-3-642-00579-4. ⟨10.1007/978-3-642-00580-0_13⟩. ⟨lirmm-00798705⟩

Share

Metrics

Record views

714

Files downloads

59