Abstract
Recently, the increased number and diversity of network attacks have made intrusion detection more difficult. Anomaly detection, one approach to intrusion detection, treats abnormal behaviors that deviate from modeled normal behaviors as suspected attacks. Research on data mining for intrusion detection has focused on association rules, frequent episodes and classification. However, despite the usefulness of rules that include a temporal dimension and the fact that audit data has temporal attributes, these methods were limited to static rule extraction and did not consider temporal attributes. Therefore, we propose a new classification method for intrusion detection. The proposed method is CTAR (Classification based on Temporal Class-Association Rules), which extends CARs (Class-Association Rules), a combination of association rules and classification, by including temporal attributes. CTAR discovers rules in multiple time granularities, and users can easily understand the discovered rules and temporal patterns. Finally, we prove by experimental results that a prediction model (classifier) built with the CTAR method yields better accuracy than a prediction model built with traditional methods.
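The following is an added illustration of the idea in the abstract, not the CTAR algorithm from the paper: it mines single-item class-association rules at several time granularities and shows a rule that only holds at the hour level. The record fields, the three granularities, the thresholds and the "normal" default are all assumptions made for this sketch.

```python
from collections import Counter
from datetime import datetime

# Constructed audit records (timestamp, service, flag, label); not real traffic.
RECORDS = [
    ("2003-03-03 02:10", "ftp", "SF", "attack"),
    ("2003-03-04 02:25", "ftp", "SF", "attack"),
    ("2003-03-05 02:40", "ftp", "SF", "attack"),
    ("2003-03-03 14:05", "ftp", "SF", "normal"),
    ("2003-03-04 14:30", "ftp", "SF", "normal"),
    ("2003-03-05 14:45", "ftp", "SF", "normal"),
    ("2003-03-06 14:15", "ftp", "SF", "normal"),
    ("2003-03-03 02:50", "http", "SF", "normal"),
    ("2003-03-04 14:20", "http", "SF", "normal"),
    ("2003-03-05 09:00", "http", "REJ", "normal"),
]

# Assumed granularities: each maps a timestamp to a calendar pattern ("any" = static rule).
GRANULARITIES = {
    "any": lambda t: "*",
    "weekday": lambda t: t.strftime("%a"),
    "hour": lambda t: f"{t.hour:02d}h",
}

def conditions(ts, service, flag):
    """Yield every (granularity, time pattern, item) rule body matching a record."""
    t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
    for name, to_pattern in GRANULARITIES.items():
        for item in (("service", service), ("flag", flag)):
            yield (name, to_pattern(t), item)

def mine_rules(records, min_sup=2, min_conf=0.8):
    """Return {(granularity, pattern, item): (label, support, confidence)}."""
    body, full = Counter(), Counter()
    for ts, service, flag, label in records:
        for cond in conditions(ts, service, flag):
            body[cond] += 1
            full[cond, label] += 1
    return {cond: (label, n, n / body[cond])
            for (cond, label), n in full.items()
            if n >= min_sup and n / body[cond] >= min_conf}

def classify(rules, ts, service, flag, default="normal"):
    """Label a record with the matching rule of highest (confidence, support)."""
    hits = [rules[c] for c in conditions(ts, service, flag) if c in rules]
    return max(hits, key=lambda r: (r[2], r[1]))[0] if hits else default

if __name__ == "__main__":
    for cond, rule in sorted(mine_rules(RECORDS).items()):
        print(cond, "->", rule)
```

On this sample, `service=ftp` yields no static rule because its labels are mixed across the day, while the hour-level pattern `02h` separates the attack records cleanly.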
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, J.S., Lee, H.G., Seo, S., Ryu, K.H. (2004). CTAR: Classification Based on Temporal Class-Association Rules for Intrusion Detection. In: Chae, KJ., Yung, M. (eds) Information Security Applications. WISA 2003. Lecture Notes in Computer Science, vol 2908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24591-9_7
DOI: https://doi.org/10.1007/978-3-540-24591-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20827-3
Online ISBN: 978-3-540-24591-9
eBook Packages: Springer Book Archive