A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures

机译：关联规则挖掘在大型入侵检测基础架构中的应用框架

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

The high number of false positive alarms that are generated in large intrusion detection infrastructures makes it difficult for operations staff to separate false alerts from real attacks. One means of reducing this problem is the use of meta alarms, or rules, which identify known attack patterns in alarm streams. The obvious risk with this approach is that the rule base may not be complete with respect to every true attack profile, especially those which are new. Currently, new rules are discovered manually, a process which is both costly and error prone. We present a novel approach using association rule mining to shorten the time that elapses from the appearance of a new attack profile in the data to its definition as a rule in the production monitoring infrastructure.

机译：大型入侵检测基础架构中生成大量误报警报，因此运维人员很难将误报与实际攻击区分开。减少此问题的一种方法是使用元警报或规则，它们可识别警报流中的已知攻击模式。这种方法的明显风险是，对于每个真实的攻击配置文件，尤其是新的攻击配置文件，规则库可能并不完整。当前，新规则是手动发现的，该过程既昂贵又容易出错。我们提出一种使用关联规则挖掘的新方法，以缩短从数据中出现新攻击配置文件到将其定义为生产监控基础结构中的规则所经历的时间。

著录项

来源
《International Symposium on Recent Advances in Intrusion Detection(RAID 2006); 20060920-22; Hamburg(DE)》|2006年|P.1-18|共18页
会议地点 Hamburg(DE)
作者
James J. Treinen; Ramakrishna Thurimella;
展开▼
作者单位

IBM Global Services, Boulder, CO 80301, USA;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类安全保密;
关键词
association rules; data mining; intrusion detection; graph algorithms;

机译：关联规则;数据挖掘;入侵检测;图算法;

相似文献

外文文献
中文文献
专利

1. Application of Association Rule Mining for developing Network Intrusion Detection System:.An analysis using NSL KDD Data Set [J] . Jamal Hussain, Pranjal Kalita Indian Journal of Computer Science and Engineering . 2017,第5期

机译：关联规则挖掘在开发网络入侵检测系统中的应用：。使用NSL KDD数据集的分析
2. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining [J] . Nattawat Khamphakdee, Nunnapus Benjamas, Saiyan Saiyod Journal of ICT Research and Applications . 2015,第3期

机译：利用数据挖掘的关联规则技术改进基于Snort规则的网络探针攻击检测入侵检测系统
3. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining [J] . Nattawat Khamphakdee, Nunnapus Benjamas, Saiyan Saiyod ITB Journal of Information and Communication Technology . 2015,第3期

机译：利用数据挖掘的关联规则技术改进基于Snort规则的网络探针攻击检测入侵检测系统
4. A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures [C] . James J. Treinen, Ramakrishna Thurimella International Symposium on Recent Advances in Intrusion Detection(RAID 2006); 20060920-22; Hamburg(DE) . 2006

机译：关联规则挖掘在大型入侵检测基础架构中的应用框架
5. Association rule based data mining approaches for Web Cache Maintenance and adaptive Intrusion Detection systems. [D] . Mohan, Sujaa Rani. 2005

机译：Web缓存维护和自适应入侵检测系统的基于关联规则的数据挖掘方法。
6. An Association Rule Mining-Based Framework for Understanding Lifestyle Risk Behaviors [O] . So Hyun Park, Shin Yi Jang, Ho Kim, 2010

机译：基于关联规则挖掘的框架，用于了解生活方式风险行为
7. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining [O] . Nattawat Khamphakdee, Nunnapus Benjamas, Saiyan Saiyod 2015

机译：利用snort规则改进数据挖掘关联规则检测网络探测攻击检测系统
8. Distributed Streams-Based Data-Mining for Application Intrusion Detection [R] . Yurica, K. , Pande, R. , Motwani, R. 2004

机译：基于分布式流的应用入侵检测数据挖掘

A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures

摘要

著录项

相似文献

相关主题

期刊订阅