Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection
2000; Wiley; Volume: 15; Issue: 8; Language: English
10.1002/1098-111x(200008)15
ISSN: 1098-111X
Authors: Jianxiong Luo, Susan M. Bridges
Topic(s): Fuzzy Logic and Control Systems
International Journal of Intelligent Systems, Volume 15, Issue 8, p. 687-703
Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection
Jianxiong Luo, Department of Computer Science, Intelligent Systems Laboratory, Box 9637, Mississippi State University, Mississippi State, Mississippi 39759
Susan M. Bridges (Corresponding Author), Department of Computer Science, Intelligent Systems Laboratory, Box 9637, Mississippi State University, Mississippi State, Mississippi 39759
First published: 30 June 2000
https://doi.org/10.1002/1098-111X(200008)15:8 3.0.CO;2-X
Citations: 106

Abstract

Lee, Stolfo, and Mok [1] previously reported the use of association rules and frequency episodes for mining audit data to gain knowledge for intrusion detection. The integration of association rules and frequency episodes with fuzzy logic can produce more abstract and flexible patterns for intrusion detection, since many quantitative features are involved in intrusion detection and security itself is fuzzy. We present a modification of a previously reported algorithm for mining fuzzy association rules, define the concept of fuzzy frequency episodes, and present an original algorithm for mining fuzzy frequency episodes. We add a normalization step to the procedure for mining fuzzy association rules in order to prevent one data instance from contributing more than others. We also modify the procedure for mining frequency episodes to learn fuzzy frequency episodes. Experimental results show the utility of fuzzy association rules and fuzzy frequency episodes for intrusion detection. © 2000 John Wiley & Sons, Inc.

References

[1] Lee W, Stolfo S, Mok K. Mining audit data to build intrusion detection models, In: R Agrawal, P Stolorz, editor. Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining, New York, New York, August 27–31, 1998, New York: AAAI Press; 1998. p 66–72.
[2] Sundaram A. An introduction to intrusion detection. (Downloaded from http://www.cs.purdue.edu/coast/archive/data/categ24.html on March 10, 1999.)
[3] Frank J. Artificial intelligence and intrusion detection: current and future directions. In: Proceedings of the 17th National Computer Security Conference, October, 1994.
[4] Lunt T, Jagannathan R. A prototype real-time intrusion-detection expert system. In: Proceedings of 1988 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, April 18–21, 1988. Los Alamitos, CA: IEEE Computer Society Press; 1988. p 59–66.
[5] Teng H, Chen K, Lu S. Adaptive real-time anomaly detection using inductively generated sequential patterns. Proceedings of 1990 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, May 7–9, 1990. Los Alamitos, CA: IEEE Computer Society Press; 1990. p 278–284. doi:10.1109/RISP.1990.63857
[6] Debar H, Becker M, Siboni D. A neural network component for an intrusion detection system. In Proceedings of 1992 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, May 4–6, 1992. Los Alamitos, CA: IEEE Computer Society Press; 1992. p 240–250. doi:10.1109/RISP.1992.213257
[7] Ilgun K, Kemmerer A. State transition analysis: a rule-based intrusion detection approach. IEEE Trans Software Eng 1995; 21(3): 181–199. doi:10.1109/32.372146
[8] Lunt T. Detecting intruders in computer systems. In Proceedings of 1993 Conference on Auditing and Computer technology. (Downloaded from http://www2.csl.sri.com/nides/index5.html on February 3, 1999.)
[9] Agrawal R, Srikant R. Fast algorithms for mining association rules. Proceedings of the 20th International Conference on Very Large Databases, Santiago, Chile, September 12–15, 1994. San Francisco: Morgan Kaufmann; 1994. p 487–499.
[10] Mannila H, Toivonen H. Discovering generalized episodes using minimal occurrences. Proceedings of the Second International Conference on Knowledge Discovery and Data Mining, Portland, OR, August, 1996. p 146–151.
[11] Lee W, Stolfo S. Data mining approaches for intrusion detection. Proceedings of the 7th USENIX security symposium, 1998. (Downloaded from http://www.cs.columbia.edu/~sal/recent-papers.html on March 10, 1999.)
[12] Srikant R, Agrawal R. Mining quantitative association rules in large relational tables. Proceedings of ACM SIGMOD International Conference on Management of Data, June 4–6, 1996. p 1–12.
[13] Kuok C, Fu A, Wong M. Mining fuzzy association rules in databases. SIGMOD Rec 1998; 27(1): 41–46. doi:10.1145/273244.273257
[14] Porras P, Valdes A. Live traffic analysis of TCP/IP gateways. Proceedings of the 1998 ISOC Symposium on Network and Distributed Systems Security, March, 1998.
[15] Lee W, Stolfo S, Mok K. A data mining framework for building intrusion detection models. 1999. (Downloaded from http://www.cs.columbia.edu/~sal/recent-paper.html on March 10, 1999.)
[16] The Institute for Visualization and Perception Research, University of Massachusetts Lowell, 1998. Information Exploration Shootout. (http://iris.cs.uml/edu:8080, accessed March 1, 1999.)