KEYWORDS: Data mining, Data modeling, Network security, Network architectures, Data processing, Computer intrusion detection, Mining, Detection and tracking algorithms, Databases, Data conversion
In this paper, data mining technologies are used to analyze and extract features that can distinguish normal activities from intrusions. Based on the common model CIDF, we present an IDS framework with an embedded data mining module to improve the accuracy of the IDS. The three subsystems of the framework (the monitor system, the data process system and the decision-making system) are introduced in turn. Using experiments on mining network connection features, we present a decision-tree classification algorithm that uses a data set of network connection features as the training set to build a decision tree. Treating system behaviors as new samples and testing their attributes against the decision tree allows anomalies and unknown intrusions to be recognized accurately.
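The train-then-classify flow the abstract describes can be illustrated with an ID3-style tree. This is an added example, not the paper's algorithm, code or data: the feature names, the constructed records and the majority-class fallback for attribute values never seen in training are all assumptions.

```python
import math
from collections import Counter

# Constructed connection records (assumed features, not from the paper):
# (protocol, connection status flag, same-host connection rate) -> label
FEATURES = ["protocol", "flag", "rate"]
TRAIN = [
    (("tcp", "SF", "low"), "normal"), (("tcp", "SF", "low"), "normal"),
    (("tcp", "SF", "low"), "normal"), (("udp", "SF", "low"), "normal"),
    (("udp", "SF", "high"), "normal"), (("tcp", "REJ", "low"), "normal"),
    (("tcp", "S0", "high"), "intrusion"), (("tcp", "S0", "high"), "intrusion"),
    (("tcp", "REJ", "high"), "intrusion"), (("icmp", "SF", "high"), "intrusion"),
]

def entropy(rows):
    counts = Counter(label for _, label in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def split(rows, i):
    """Group rows by the value of attribute index i."""
    parts = {}
    for row in rows:
        parts.setdefault(row[0][i], []).append(row)
    return parts

def gain(rows, i):
    """Information gain of splitting rows on attribute index i."""
    parts = split(rows, i).values()
    return entropy(rows) - sum(len(p) / len(rows) * entropy(p) for p in parts)

def build(rows, attrs):
    majority = Counter(label for _, label in rows).most_common(1)[0][0]
    if entropy(rows) == 0 or not attrs:
        return majority                      # leaf: pure node or nothing left to test
    best = max(attrs, key=lambda i: gain(rows, i))
    rest = [a for a in attrs if a != best]
    children = {v: build(p, rest) for v, p in split(rows, best).items()}
    return {"attr": best, "default": majority, "children": children}

def classify(tree, record):
    # Walk the tree; an unseen attribute value falls back to the node's majority label.
    while isinstance(tree, dict):
        tree = tree["children"].get(record[tree["attr"]], tree["default"])
    return tree

TREE = build(TRAIN, list(range(len(FEATURES))))

if __name__ == "__main__":
    print(FEATURES[TREE["attr"]], classify(TREE, ("tcp", "S0", "high")))
```

On this data the root test is the connection rate, and a high-rate record with a protocol absent from training is labelled by the majority of the high-rate training records.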