http://dx.doi.org/10.13089/JKIISC.2003.13.2.99

Anomaly Detection Scheme Using Data Mining Methods  

박광진 (Kwangwoon University, Department of Computer Science)
유황빈 (Kwangwoon University, Department of Computer Science)
Abstract
Intrusions pose a serious security risk in a network environment. To detect intrusions effectively, many researchers have developed data mining frameworks for constructing intrusion detection modules. Traditional anomaly detection techniques focus on detecting anomalies in new data after training on normal data. To detect anomalous behavior, a precise normal pattern is necessary, and this training data is typically expensive to produce. For this reason, understanding the characteristics of network data is indispensable. In this paper, we propose to use clustering and association rules as the basis for guiding anomaly detection. By applying entropy to filter noisy data, we present a technique for detecting anomalies without training on normal data. We also present dynamic transactions for generating detection patterns more effectively.
Keywords
Intrusion detection; data mining; anomaly detection; misuse detection; training data; detection pattern
Citations & Related Records
Times Cited By KSCI: 1