
Investigating and Evaluating Behavioural Profiling and Intrusion Detection Using Data Mining

  • Conference paper
Information Assurance in Computer Networks (MMM-ACNS 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2052)

Abstract

The continuous growth of computer networks, coupled with the increasing number of people relying upon information technology, has inevitably attracted both mischievous and malicious abusers. Such abuse may originate from both outside an organisation and from within, and will not necessarily be prevented by traditional authentication and access control mechanisms. Intrusion Detection Systems aim to overcome these weaknesses by continuously monitoring for signs of unauthorised activity. The techniques employed often involve the collection of vast amounts of auditing data to identify abnormalities against historical user behaviour profiles and known intrusion scenarios. The approach may be optimised using domain expertise to extract only the relevant information from the wealth available, but this can be time consuming and knowledge intensive. This paper examines the potential of Data Mining algorithms and techniques to automate the data analysis process and aid in the identification of system features and latent trends that could be used to profile user behaviour. It presents the results of a preliminary analysis and discusses the strategies used to capture and profile behavioural characteristics using data mining in the context of a conceptual Intrusion Monitoring System framework.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Singh, H., Furnell, S., Lines, B., Dowland, P. (2001). Investigating and Evaluating Behavioural Profiling and Intrusion Detection Using Data Mining. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds) Information Assurance in Computer Networks. MMM-ACNS 2001. Lecture Notes in Computer Science, vol 2052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45116-1_17

  • DOI: https://doi.org/10.1007/3-540-45116-1_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42103-0

  • Online ISBN: 978-3-540-45116-7

  • eBook Packages: Springer Book Archive
