Mining Common Outliers for Intrusion Detection - LIRMM - Laboratoire d’Informatique, de Robotique et de Microélectronique de Montpellier Access content directly
Book Sections Year : 2010

Mining Common Outliers for Intrusion Detection

Abstract

Data mining for intrusion detection can be divided into several sub-topics, among which unsupervised clustering (which has controversial properties). Unsupervised clustering for intrusion detection aims to i) group behaviours together depending on their similarity and ii) detect groups containing only one (or very few) behaviour(s). Such isolated behaviours seem to deviate from the model of normality; therefore, they are considered as malicious. Obviously, not all atypical behaviours are attacks or intrusion attempts. This represents one drawback of intrusion detection methods based on clustering.We take into account the addition of a new feature to isolated behaviours before they are considered malicious. This feature is based on the possible repeated occurrences of the bahaviour on many information systems. Based on this feature, we propose a new outlier mining method which we validate through a set of experiments.
Fichier principal
Vignette du fichier
CODakdm2010.pdf (273.62 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

lirmm-00798705 , version 1 (20-03-2019)

Identifiers

Cite

Goverdhan Singh, Florent Masseglia, Céline Fiot, Alice Marascu, Pascal Poncelet. Mining Common Outliers for Intrusion Detection. Fabrice Guillet; Gilbert Ritschard; Djamel Abdelkader Zighed; Henri Briand. Advances in Knowledge Discovery and Management, 292, Springer, pp.217-234, 2010, Studies in Computational Intelligence, 978-3-642-00579-4. ⟨10.1007/978-3-642-00580-0_13⟩. ⟨lirmm-00798705⟩
372 View
188 Download

Altmetric

Share

Gmail Facebook X LinkedIn More