Data stream mining architecture for network intrusion detection

Cited by: 7
Authors
Chu, NCN [1]
Williams, A [1]
Alhajj, R [1]
Barker, K [1]
Affiliations
[1] Univ Calgary, Dept Comp Sci, Calgary, AB, Canada
Source
PROCEEDINGS OF THE 2004 IEEE INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION (IRI-2004) | 2004
Keywords
DOI
10.1109/IRI.2004.1431488
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
In this paper, we propose a stream mining architecture which is based on a single-pass approach. Our approach can be used to develop efficient, effective, and active intrusion detection mechanisms which satisfy the near real-time requirements of processing data streams on a network with minimal overhead. The key idea is that new patterns can now be detected on-the-fly. They are flagged as network attacks or labeled as normal traffic, based on the current network trend, thus reducing the false alarm rates prevalent in active network intrusion systems and increasing the low detection rate which characterizes passive approaches.
Pages: 363 / 368
Number of pages: 6