
CTAR: Classification Based on Temporal Class-Association Rules for Intrusion Detection

  • Conference paper
Information Security Applications (WISA 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2908)

Abstract

Recently, the increased number and diversity of network attacks have made intrusion detection more difficult. Anomaly detection, one approach to intrusion detection, treats abnormal behaviors that deviate from modeled normal behaviors as suspected attacks. Research on data mining for intrusion detection has focused on association rules, frequent episodes and classification. However, despite the usefulness of rules that include a temporal dimension and the fact that audit data has temporal attributes, these methods were limited to static rule extraction and did not consider temporal attributes. Therefore, we propose a new classification method for intrusion detection. The proposed method, CTAR (Classification based on Temporal Class-Association Rules), extends CARs (Class-Association Rules), a combination of association rules and classification, by including temporal attributes. CTAR discovers rules in multiple time granularities, and users can easily understand the discovered rules and temporal patterns. Finally, we show by experimental results that a prediction model (classifier) built with the CTAR method yields better accuracy than a prediction model built with traditional methods.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, J.S., Lee, H.G., Seo, S., Ryu, K.H. (2004). CTAR: Classification Based on Temporal Class-Association Rules for Intrusion Detection. In: Chae, KJ., Yung, M. (eds) Information Security Applications. WISA 2003. Lecture Notes in Computer Science, vol 2908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24591-9_7

  • DOI: https://doi.org/10.1007/978-3-540-24591-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20827-3

  • Online ISBN: 978-3-540-24591-9

  • eBook Packages: Springer Book Archive
