
A real-time network intrusion detection system based on incremental mining approach

Bibliographic Details
Main Authors: Ming-Yang Su, Kai-Chi Chang, Hua-Fu Wei, Chun-Yuen Lin
Format: Conference Proceeding
Language: English
Description
Summary: The fuzzy association rule has been proven to be effective to present users' network behavior offline from a huge amount of collected packets. However, not only effectiveness, efficiency is important as well for Network Intrusion Detection Systems (NIDSs). None of those proposed NIDSs subject to fuzzy association rule can meet the real-time requirement because they all applied static mining approach. In the paper, we propose a real-time NIDS by incremental mining for fuzzy association rules. By consistently comparing the two rule sets, one mined from online packets and the other mined from training attack free packets, our system can make a decision per time unit, 2 seconds in the paper. Experiments have been done to demonstrate its excellent effectiveness and efficiency of the system.
DOI: 10.1109/ISI.2008.4565050