Journal: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Publication year: 2006
Volume: 6
Issue: 6
Pages: 258-265
Publisher: International Journal of Computer Science and Network Security
Abstract: The goal of intrusion detection is to identify attempted or ongoing attacks on a computer system or network. Many attacks aim to compromise computer networks in an online manner. Traffic anomalies have been an important indication of such attacks. The challenges in detection lie in modeling large continuous streams of data and performing anomaly detection in an online manner. This paper presents a data mining technique to assess the risks of local anomalies based on a synopsis obtained from a global spatiotemporal modeling approach. The proposed model is proactive in the detection of various types of traffic-related attacks such as distributed denial of service (DDoS). It is incremental, scalable and thus suitable for online processing. Algorithm analysis shows the time efficiency of the proposed technique. The experiments conducted with a DARPA dataset demonstrate that, compared with a frequency-based anomaly detection model, the false alarm rate caused by the proposed model is significantly mitigated without losing a high detection rate.
Keywords: data mining, risk leveling, intrusion detection, anomaly, data stream