15 April 2004 Data mining model and algorithm in IDS
Proceedings Volume 5282, Network Architectures, Management, and Applications; (2004) https://doi.org/10.1117/12.517378
Event: Asia-Pacific Optical and Wireless Communications, 2003, Wuhan, China
In this paper, data mining technologies are used to analyze and extract features that can distinguish normal activities from intrusions. Based on the common model CIDF, we present an IDS framework with an embedded data mining module to improve the accuracy of the IDS. The three subsystems in the framework (the monitor system, the data process system and the decision-making system) are introduced in turn. Using experiments on mining network connection features, we present a decision-tree classification algorithm, which uses a data set of network connection features as the training data set to build a decision tree. Treating system behaviors as new samples and testing their attributes on the decision tree can recognize anomalies and unknown intrusions accurately.
© (2004) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Tianshu Huang, Ping Xiong, Tianqing Zhu, "Data mining model and algorithm in IDS", Proc. SPIE 5282, Network Architectures, Management, and Applications, (15 April 2004); doi: 10.1117/12.517378; https://doi.org/10.1117/12.517378
