abstract

From student research to intrusion detection

Author:

N. Paul SchembariAuthors Info & Claims

InfoSec '15: Proceedings of the 2015 Information Security Curriculum Development Conference

Article No.: 5, Page 1

https://doi.org/10.1145/2885990.2885995

Published: 10 October 2015 Publication History

Abstract

We describe a multi-year project that began as mostly undergraduate student research in data mining applied to computer forensics and has now grown into a prototype for an intrusion detection system. The IDS assumes we have delimited data that can be separated into records such as IP packets, system calls, etc. The data mining approach uses the Bag of Words methodology where we form a matrix model of the data, and then cluster the records using k-means clustering and sparse nonnegative matrix factorization. With no training, these clusters are evaluated to determine if they represent normal system actions or attack vectors. This prototype system has accuracy levels similar to systems that use supervised learning on a specific set of data. We discuss future plans to make improvements with continued student investigation. Overall, we found this to be a great partnership between faculty and student research.

From student research to intrusion detection
1. Information systems
  1. Information systems applications

Recommendations

An evaluation of clustering technique over intrusion detection system
ICACCI '12: Proceedings of the International Conference on Advances in Computing, Communications and Informatics

Data mining has been popularly recognized as an important way to mine useful information from large volumes of data that are noisy, fuzzy & random. Intrusion detection has become an efficient tool against network attack because they allow network ...
Student and Faculty Perceptions of Undergraduate Research Experiences in Computing

Undergraduate research experiences are promoted and funded for their potential in increasing students’ likelihood of pursuing graduate degrees, increasing their confidence, and expanding their awareness of their discipline and career opportunities. ...
Rule generalisation in intrusion detection systems using SNORT

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this ...

Comments

Information & Contributors

Information

Published In

InfoSec '15: Proceedings of the 2015 Information Security Curriculum Development Conference

October 2015

61 pages

ISBN:9781450340496

DOI:10.1145/2885990

Conference Chair:
Michael Whitman,
Program Chair:
Humayun Zafar

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

In-Cooperation

SIGMIS: ACM Special Interest Group on Management Information Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 October 2015

Check for updates

Author Tags

Qualifiers

Abstract

Conference

INFOSECCD '15

Sponsor:

INFOSECCD '15: Information Security Curriculum Development Conference

October 10, 2015

Georgia, Kennesaw

Acceptance Rates

Overall Acceptance Rate 18 of 23 submissions, 78%

Recommendations

An evaluation of clustering technique over intrusion detection system

Student and Faculty Perceptions of Undergraduate Research Experiences in Computing

Rule generalisation in intrusion detection systems using SNORT

Comments

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Abstract

Recommendations

An evaluation of clustering technique over intrusion detection system

Student and Faculty Perceptions of Undergraduate Research Experiences in Computing

Rule generalisation in intrusion detection systems using SNORT

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

View options

Share

Share this Publication link

Share on social media

Affiliations