REAL TIME DETECTION OF NOVEL ATTACKS BY MEANS OF DATA MINING TECHNIQUES
Marcello Esposito, Claudio Mazzariello, Francesco Oliviero, Simon Pietro Romano, Carlo Sansone
2005
Abstract
Rule-based Intrusion Detection Systems (IDS) rely on a set of rules to discover attacks in network traffic. Such rules are usually hand-coded by a security administrator and statically detect one or a few attack types: minor modifications of an attack may result in detection failures. For that reason, signature-based classification is not the best technique to detect novel or slightly modified attacks. In this paper we approach this problem by extracting a set of features from network traffic and computing rules which are able to classify such traffic. Such techniques are usually employed in offline analysis, as they are very slow and resource-consuming. We want to assess the feasibility of a detection technique which combines the use of a common signature-based intrusion detection system with the deployment of a data mining technique. We introduce the problem, describe the developed architecture and show some experimental results to demonstrate the usability of such a system.
Paper Citation
in Harvard Style
Esposito M., Mazzariello C., Oliviero F., Pietro Romano S. and Sansone C. (2005). REAL TIME DETECTION OF NOVEL ATTACKS BY MEANS OF DATA MINING TECHNIQUES. In Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-19-8, pages 120-127. DOI: 10.5220/0002536601200127
in Bibtex Style
@conference{iceis05,
author={Marcello Esposito and Claudio Mazzariello and Francesco Oliviero and Simon Pietro Romano and Carlo Sansone},
title={REAL TIME DETECTION OF NOVEL ATTACKS BY MEANS OF DATA MINING TECHNIQUES},
booktitle={Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2005},
pages={120-127},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002536601200127},
isbn={972-8865-19-8},
}
in EndNote Style
TY - CONF
JO - Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - REAL TIME DETECTION OF NOVEL ATTACKS BY MEANS OF DATA MINING TECHNIQUES
SN - 972-8865-19-8
AU - Esposito M.
AU - Mazzariello C.
AU - Oliviero F.
AU - Pietro Romano S.
AU - Sansone C.
PY - 2005
SP - 120
EP - 127
DO - 10.5220/0002536601200127