Building an Intrusion Detection System for IT Security Based on Data Mining Techniques
2011
Pjotrs Dorogovs, Arkādijs Borisovs, Andrejs Romānovs

This paper aims to research various data mining techniques applied to solve intrusion detection problems. In general, intrusion detection techniques can be divided into two major categories: misuse detection and anomaly detection. Because anomaly detection is effective not only against known types of attacks (as misuse detection is, by exploiting a signature database) but also against new ones, it has become a topical issue in the majority of data and computer security research. The techniques discussed in the paper include the Hidden Markov Model (HMM) method for modelling and evaluating invisible events based on system calls, a further development of Stephanie Forrest’s idea of fixed-length audit trail patterns, a principal component analysis based method for anomaly intrusion detection with less computational effort, an algorithm based on the k-nearest neighbour method, and the application of an association rule algorithm to audit data.


Keywords
Information security, intrusion detection, data mining, association rules
DOI
10.2478/v10143-011-0040-3
Hyperlink
http://www.degruyter.com/view/j/acss.2011.45.issue--1/v10143-011-0040-3/v10143-011-0040-3.xml?format=INT

Dorogovs, P., Borisovs, A., Romānovs, A. Building an Intrusion Detection System for IT Security Based on Data Mining Techniques. Informācijas tehnoloģija un vadības zinātne. No. 49, 2011, pp. 43-48. ISSN 1407-7493. Available from: doi:10.2478/v10143-011-0040-3

Publication language
English (en)
RTU Scientific Library.
E-mail: uzzinas@rtu.lv; Phone: +371 28399196