Data warehousing and data mining techniques for intrusion detection systems

Authors: Anoop Singhal, Sushil Jajodia

Affiliation: (1) Computer Security Division, NIST, 100 Bureau Drive, Stop 8930, Gaithersburg, MD, 20899-8930; (2) Center for Secure Information Systems, George Mason University, Fairfax, VA, 22030

Abstract: This paper describes data mining and data warehousing techniques that can improve the performance and usability of Intrusion Detection Systems (IDS). Current IDS do not provide support for historical data analysis and data summarization. This paper presents techniques to model network traffic and alerts using a multi-dimensional data model and star schemas. This data model was used to perform network security analysis and detect denial of service attacks. Our data model can also be used to handle heterogeneous data sources (e.g. firewall logs, system calls, net-flow data) and enable up to two orders of magnitude faster query response times for analysts as compared to the current state of the art. We have used our techniques to implement a prototype system that is being successfully used at Army Research Labs. Our system has helped the security analyst in detecting intrusions and in historical data analysis for generating reports on trend analysis.

Recommended by: Ashfaq Khokhar

Keywords: Data warehouse; OLAP; Data mining and analysis; Computer security; Intrusion detection

This paper is indexed in SpringerLink and other databases.