Nesma Mahmoud, profile picture
Uploaded byNesma Mahmoud
PPTX, PDF653 views

DM for IDS

The document discusses using data mining techniques for intrusion detection. It first defines key concepts like data mining, knowledge discovery in databases, and intrusion detection. It explains that data mining can be used to build predictive models for misuse detection using classification algorithms trained on labeled audit data. For anomaly detection, data mining identifies abnormal behaviors that deviate from profiles of normal user activities. The document provides an overview of how data mining approaches can help address limitations of traditional misuse and anomaly detection methods for intrusion detection systems.

Embed presentation

Downloaded 67 times
Data Mining for Intrusion Detection DM for IDS
Outline  Data Mining  Intrusion Detection  Data Mining for Intrusion Detection
Data Mining  KDD (Knowledge Discovery in Databases): • The process of identifying valid, novel, useful understandable patterns in data. • Steps: understanding the application domain, data preparation, data mining, interpretation, and utilizing the discovered knowledge. • Data Mining (DM): applying specific algorithms to extract patterns of data. • DM is the core of KDD.
Data Mining (cont.)  KDD vs. DM:
Data Mining (cont.)  Data mining techniques & Algorithms:  Classification: classify or map a data item to one of predefined classes, decision tree algorithm.  Clustering: grouping similar data items into clusters, K-mean algorithm.  Frequent pattern mining: finds patterns or regularities that occur together.  Sequential pattern analysis: time-based, order of patterns is important.
Outline  Data Mining  Intrusion Detection  Data Mining for Intrusion Detection
Intrusion Detection  Computer security goals: confidentiality, integrity, and availability.  Intrusion: is a set of actions aimed to compromise these goals.  Intrusion prevention (authentication, encryption, etc.) alone is not sufficient.  Intrusion detection (ID) is needed  ID: is the process of identifying intrusions in a system.  IDS: combination of hardware & software that detect intrusions and raise alarms.
Intrusion Detection (cont.)  Primary assumption: users and system activities and resources can be monitored and analyzed.  Two types techniques of ID: A. Misuse detection: use pattern of well-known attack (signature) to identify intrusion, pattern- based; Email example. B. Anomaly detection: use deviation of normal usage pattern to identify intrusions, profile- based; user behavior example;
Intrusion Detection  Misuse Detection  Main Problems: • Unknown intrusions can not be detected (that have no matches patter in the system) • Manual coding of known intrusion patterns.
Intrusion Detection (cont.)  Anomaly detection:  Main problems: Selecting the right set of system features to be measured in based on experience. Unable to capture sequential interrelation between events.
Intrusion Detection  Example applications: 1. SNORT (www.snort.org) for misuse detection: • It is an open source signature based IDS • It stores signatures of each known intrusion. 1. Computer watch (AT&T) for anomaly detection: • It is an expert system that summarize security sensitive events and apply rules to detect anomalies behaviors.
Outline  Data Mining  Intrusion Detection  Data Mining for Intrusion Detection
Data Mining for ID  Why DM is applicable in intrusion detection? • Intrusion detection is a data analysis process. • Normal and intrusive activities leave evidence in audit data. • Learn from traffic data: • Supervised learning: learn precise models from past intrusions. • Unsupervised learning: identifying suspicious activities.
Data Mining for ID  Data Mining based IDS – basic steps:
Data Mining for ID  Misuse detection: • Predictive models are built from labeled data sets ( instances are labeled as “normal” or “intrusive”. • These models can be more sophisticated and precise than manually created signatures. • Classification techniques from DM are used.  Anomaly Detection:  Identifies anomalies as deviation from “normal” behavior.  EX, ADAM: Audit Data Analysis and Mining; MINDS – MINnesota INtrusion Detection System
MINDS Project
Thanks! Any questions?

More Related Content

PPTX
Databse Intrusion Detection Using Data Mining Approach
bySuraj Chauhan
 
PDF
A Study on Data Mining Based Intrusion Detection System
byAM Publications
 
PPTX
Intrusion detection using data mining
bybalbeerrawat
 
PPT
Pptbb
byRohit Shukla
 
PPTX
Analysis and Design for Intrusion Detection System Based on Data Mining
byPritesh Ranjan
 
PPT
Intrusion Detection
bybutest
 
PPT
Data Mining and Intrusion Detection
byamiable_indian
 
PPTX
Cyber intrusion
byKishor Datta Gupta
 
Databse Intrusion Detection Using Data Mining Approach
bySuraj Chauhan
 
A Study on Data Mining Based Intrusion Detection System
byAM Publications
 
Intrusion detection using data mining
bybalbeerrawat
 
Pptbb
byRohit Shukla
 
Analysis and Design for Intrusion Detection System Based on Data Mining
byPritesh Ranjan
 
Intrusion Detection
bybutest
 
Data Mining and Intrusion Detection
byamiable_indian
 
Cyber intrusion
byKishor Datta Gupta
 

What's hot

PDF
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...
byijcsit
 
PPT
INTRUSION DETECTION TECHNIQUES
byTrinity Dwarka
 
PPT
Intrusion Detection
byGregory Hanis
 
PDF
Optimized Intrusion Detection System using Deep Learning Algorithm
byijtsrd
 
PPSX
Practical real-time intrusion detection using machine learning approaches
byFull Stack Developer at Electro Mizan Andisheh
 
PPTX
Deep learning approach for network intrusion detection system
byAvinash Kumar
 
PPTX
Role of data mining in cyber security
byKhaled Al-Khalili
 
PDF
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...
byDr. Amrita .
 
PDF
Seminar Report | Network Intrusion Detection using Supervised Machine Learnin...
byJowin John Chemban
 
PDF
Using Machine Learning in Networks Intrusion Detection Systems
byOmar Shaya
 
PDF
Intrusion Detection System Project Report
byRaghav Bisht
 
PPT
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
byWei-Yu Chen
 
PDF
Intrusion detection
byProgrammer
 
PDF
Network forensics
byArthyR3
 
PPT
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...
byamiable_indian
 
PPTX
Network forensic
byManjushree Mashal
 
PPT
Testbed For Ids
byamiable_indian
 
DOCX
Network intrusion detection using supervised machine learning technique with ...
byCloudTechnologies
 
PPT
Network Security Data Visualization
byamiable_indian
 
PPSX
Ids 00 introduction_ intrusion detection & prevention systems
byjyoti_lakhani
 
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...
byijcsit
 
INTRUSION DETECTION TECHNIQUES
byTrinity Dwarka
 
Intrusion Detection
byGregory Hanis
 
Optimized Intrusion Detection System using Deep Learning Algorithm
byijtsrd
 
Practical real-time intrusion detection using machine learning approaches
byFull Stack Developer at Electro Mizan Andisheh
 
Deep learning approach for network intrusion detection system
byAvinash Kumar
 
Role of data mining in cyber security
byKhaled Al-Khalili
 
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...
byDr. Amrita .
 
Seminar Report | Network Intrusion Detection using Supervised Machine Learnin...
byJowin John Chemban
 
Using Machine Learning in Networks Intrusion Detection Systems
byOmar Shaya
 
Intrusion Detection System Project Report
byRaghav Bisht
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
byWei-Yu Chen
 
Intrusion detection
byProgrammer
 
Network forensics
byArthyR3
 
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...
byamiable_indian
 
Network forensic
byManjushree Mashal
 
Testbed For Ids
byamiable_indian
 
Network intrusion detection using supervised machine learning technique with ...
byCloudTechnologies
 
Network Security Data Visualization
byamiable_indian
 
Ids 00 introduction_ intrusion detection & prevention systems
byjyoti_lakhani
 

Viewers also liked

PPTX
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
byHassan EL ALLOUSSI
 
PPTX
Presentation: To an efficient tool for securing the card data on the Cloud: C...
byHassan EL ALLOUSSI
 
PPT
Data Mining
byshrapb
 
PPTX
02 Related Concepts
byValerii Klymchuk
 
PPT
Intrusion detection system ppt
bySheetal Verma
 
PPTX
Intrusion detection and prevention system
byNikhil Raj
 
PPT
introduction to data mining tutorial
bySalah Amean
 
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
byHassan EL ALLOUSSI
 
Presentation: To an efficient tool for securing the card data on the Cloud: C...
byHassan EL ALLOUSSI
 
Data Mining
byshrapb
 
02 Related Concepts
byValerii Klymchuk
 
Intrusion detection system ppt
bySheetal Verma
 
Intrusion detection and prevention system
byNikhil Raj
 
introduction to data mining tutorial
bySalah Amean
 

Similar to DM for IDS

PDF
C3602021025
byijceronline
 
PDF
An Intrusion Detection based on Data mining technique and its intended import...
byEditor IJMTER
 
PDF
A Survey: Comparative Analysis of Classifier Algorithms for DOS Attack Detection
byijsrd.com
 
PDF
Vol 6 No 1 - October 2013
byijcsbi
 
PPTX
Data mining in Cyber security
byPsychoCryGaming
 
PDF
Intrusion detection system: classification, techniques and datasets to implement
byIRJET Journal
 
PDF
1850 1854
byEditor IJARCET
 
PDF
1850 1854
byEditor IJARCET
 
PDF
A Study on Data Mining Based Intrusion Detection System
byAM Publications
 
PDF
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
byIJNSA Journal
 
PDF
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
byIJNSA Journal
 
PDF
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
byIJNSA Journal
 
PDF
A Survey on Various Data Mining Technique in Intrusion Detection System
byIOSRjournaljce
 
PDF
D0261019025
bytheijes
 
PDF
Bt33430435
byIJERA Editor
 
PDF
Bt33430435
byIJERA Editor
 
PDF
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM
byijwmn
 
PDF
Volume 2-issue-6-2190-2194
byEditor IJARCET
 
PDF
Volume 2-issue-6-2190-2194
byEditor IJARCET
 
PDF
International Journal of Computer Science, Engineering and Information Techno...
byijcseit
 
C3602021025
byijceronline
 
An Intrusion Detection based on Data mining technique and its intended import...
byEditor IJMTER
 
A Survey: Comparative Analysis of Classifier Algorithms for DOS Attack Detection
byijsrd.com
 
Vol 6 No 1 - October 2013
byijcsbi
 
Data mining in Cyber security
byPsychoCryGaming
 
Intrusion detection system: classification, techniques and datasets to implement
byIRJET Journal
 
1850 1854
byEditor IJARCET
 
1850 1854
byEditor IJARCET
 
A Study on Data Mining Based Intrusion Detection System
byAM Publications
 
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
byIJNSA Journal
 
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
byIJNSA Journal
 
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
byIJNSA Journal
 
A Survey on Various Data Mining Technique in Intrusion Detection System
byIOSRjournaljce
 
D0261019025
bytheijes
 
Bt33430435
byIJERA Editor
 
Bt33430435
byIJERA Editor
 
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM
byijwmn
 
Volume 2-issue-6-2190-2194
byEditor IJARCET
 
Volume 2-issue-6-2190-2194
byEditor IJARCET
 
International Journal of Computer Science, Engineering and Information Techno...
byijcseit
 

DM for IDS

  • 1.
    Data Mining forIntrusion Detection DM for IDS
  • 2.
    Outline  Data Mining Intrusion Detection  Data Mining for Intrusion Detection
  • 3.
    Data Mining  KDD(Knowledge Discovery in Databases): • The process of identifying valid, novel, useful understandable patterns in data. • Steps: understanding the application domain, data preparation, data mining, interpretation, and utilizing the discovered knowledge. • Data Mining (DM): applying specific algorithms to extract patterns of data. • DM is the core of KDD.
  • 4.
  • 5.
    Data Mining (cont.) Data mining techniques & Algorithms:  Classification: classify or map a data item to one of predefined classes, decision tree algorithm.  Clustering: grouping similar data items into clusters, K-mean algorithm.  Frequent pattern mining: finds patterns or regularities that occur together.  Sequential pattern analysis: time-based, order of patterns is important.
  • 6.
    Outline  Data Mining Intrusion Detection  Data Mining for Intrusion Detection
  • 7.
    Intrusion Detection  Computersecurity goals: confidentiality, integrity, and availability.  Intrusion: is a set of actions aimed to compromise these goals.  Intrusion prevention (authentication, encryption, etc.) alone is not sufficient.  Intrusion detection (ID) is needed  ID: is the process of identifying intrusions in a system.  IDS: combination of hardware & software that detect intrusions and raise alarms.
  • 8.
    Intrusion Detection (cont.) Primary assumption: users and system activities and resources can be monitored and analyzed.  Two types techniques of ID: A. Misuse detection: use pattern of well-known attack (signature) to identify intrusion, pattern- based; Email example. B. Anomaly detection: use deviation of normal usage pattern to identify intrusions, profile- based; user behavior example;
  • 9.
    Intrusion Detection  MisuseDetection  Main Problems: • Unknown intrusions can not be detected (that have no matches patter in the system) • Manual coding of known intrusion patterns.
  • 10.
    Intrusion Detection (cont.) Anomaly detection:  Main problems: Selecting the right set of system features to be measured in based on experience. Unable to capture sequential interrelation between events.
  • 11.
    Intrusion Detection  Exampleapplications: 1. SNORT (www.snort.org) for misuse detection: • It is an open source signature based IDS • It stores signatures of each known intrusion. 1. Computer watch (AT&T) for anomaly detection: • It is an expert system that summarize security sensitive events and apply rules to detect anomalies behaviors.
  • 12.
    Outline  Data Mining Intrusion Detection  Data Mining for Intrusion Detection
  • 13.
    Data Mining forID  Why DM is applicable in intrusion detection? • Intrusion detection is a data analysis process. • Normal and intrusive activities leave evidence in audit data. • Learn from traffic data: • Supervised learning: learn precise models from past intrusions. • Unsupervised learning: identifying suspicious activities.
  • 14.
    Data Mining forID  Data Mining based IDS – basic steps:
  • 15.
    Data Mining forID  Misuse detection: • Predictive models are built from labeled data sets ( instances are labeled as “normal” or “intrusive”. • These models can be more sophisticated and precise than manually created signatures. • Classification techniques from DM are used.  Anomaly Detection:  Identifies anomalies as deviation from “normal” behavior.  EX, ADAM: Audit Data Analysis and Mining; MINDS – MINnesota INtrusion Detection System
  • 16.
  • 17.