A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions (original) (raw)

2000, Lecture Notes in Computer Science

As the recent distributed Denial-of-Service (DDOS) attacks on several major Internet sites have shown us, no open computer network is immune from intrusions. Furthermore, intrusion detection systems (IDSs) need to be updated timely whenever a novel intrusion surfaces; and geographically distributed IDSs need to cooperate to detect distributed and coordinated intrusions. In this paper, we describe an experimental system, based on the Common Intrusion Detection Framework (CIDF), where multiple IDSs can exchange attack information to detect distributed intrusions. The system also includes an ID model builder, where a data mining engine can receive audit data of a novel attack from an IDS, compute a new detection model, and then distribute it to other IDSs. We describe our experiences in implementing such system and the preliminary results of deploying the system in an experimental network.

Sign up for access to the world's latest research.

checkGet notified about relevant papers

checkSave papers to use in your research

checkJoin the discussion with peers

checkTrack your impact