Mining Common Outliers for Intrusion Detection

Goverdhan Singh 1 Florent Masseglia 2 Céline Fiot 1 Alice Marascu 1 Pascal Poncelet 3
1 AxIS - Usage-centered design, analysis and improvement of information systems
CRISAM - Inria Sophia Antipolis - Méditerranée, Inria Paris-Rocquencourt
2 ZENITH - Scientific Data Management
LIRMM - Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier, CRISAM - Inria Sophia Antipolis - Méditerranée
3 TATOO - Fouille de données environnementales
LIRMM - Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier
Abstract: Data mining for intrusion detection can be divided into several sub-topics, one of which is unsupervised clustering (which has controversial properties). Unsupervised clustering for intrusion detection aims to i) group behaviours together according to their similarity and ii) detect groups containing only one (or very few) behaviour(s). Such isolated behaviours seem to deviate from the model of normality; therefore, they are considered malicious. Obviously, not all atypical behaviours are attacks or intrusion attempts. This is one drawback of intrusion detection methods based on clustering. We consider adding a new feature to isolated behaviours before they are considered malicious. This feature is based on the possible repeated occurrences of the behaviour on many information systems. Based on this feature, we propose a new outlier mining method, which we validate through a set of experiments.
Document type: Book chapter
Fabrice Guillet and Gilbert Ritschard and Djamel Abdelkader Zighed and Henri Briand. Advances in Knowledge Discovery and Management, 292, Springer, pp.217-234, 2010, Studies in Computational Intelligence, 978-3-642-00579-4. 〈10.1007/978-3-642-00580-0_13〉

https://hal-lirmm.ccsd.cnrs.fr/lirmm-00798705
Contributor: Pascal Poncelet
Submitted on: Sunday, March 10, 2013 - 02:06:42
Last modified on: Wednesday, November 21, 2018 - 19:48:04