A real-time network intrusion detection system for large-scale attacks based on an incremental mining approach

Full description

Bibliographic details
Published in: Computers & security 2009-07, Vol.28 (5), p.301-309
Main authors: Su, Ming-Yang, Yu, Gwo-Jong, Lin, Chun-Yuen
Format: Article
Language: eng
Online access: Full text
container_end_page 309
container_issue 5
container_start_page 301
container_title Computers & security
container_volume 28
creator Su, Ming-Yang
Yu, Gwo-Jong
Lin, Chun-Yuen
description None of the previously proposed Network Intrusion Detection Systems (NIDSs) that are based on fuzzy association rules can meet real-time requirements, because they all apply static mining approaches. This study proposed a real-time NIDS with incremental mining for fuzzy association rules. By continually comparing two rule sets, one mined from online packets and the other mined from attack-free training packets, the proposed system can render a decision every 2 seconds. Thus, compared with traditional static mining approaches, the proposed system can greatly improve efficiency, moving from offline detection to real-time online detection. Since the proposed system derives features from packet headers only, like the previous works based on fuzzy association rules, it focuses on large-scale attack types. Many DoS attacks were tested in this study. Experiments were performed to demonstrate the excellent effectiveness and efficiency of the proposed system. The system may not cause false alarms because normal programs supposedly would not generate enough malformed packets, or packets that violate normal network protocols.
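The detection loop the abstract describes, sketched as an added example in Python (this is not the authors' implementation, which is not reproduced on this page): each packet's header is turned into fuzzy items, per-itemset fuzzy support sums are updated incrementally as packets arrive, and when a 2-second window closes the rule set mined from that window is compared with the rule set mined from attack-free training traffic; a large drop in overlap raises an alarm. The feature set (protocol, SYN/ACK flags, fuzzy packet-length classes), the membership functions, the support and confidence thresholds, the Jaccard similarity measure and the sample traffic (a constructed SYN flood after two normal windows) are all assumptions made here, not taken from the paper.

```python
# Added illustration, not the paper's code: features, fuzzy sets, thresholds and traffic are assumed.
import random
from collections import defaultdict
from itertools import combinations

WINDOW_SECONDS = 2.0                            # decision interval from the abstract
MIN_SUPPORT, MIN_CONF, MAX_ITEMS = 0.2, 0.8, 3  # assumed mining parameters

def fuzzify(pkt):
    """Header-only features -> {item: degree in (0, 1]}; the length sets are assumed."""
    ln = pkt["len"]
    raw = {f"proto={pkt['proto']}": 1.0,
           "len=short": (320 - ln) / 240,
           "len=medium": min((ln - 80) / 420, (1200 - ln) / 700),
           "len=long": (ln - 700) / 800}
    if pkt["proto"] == "tcp":                   # flag items exist only for TCP
        raw[f"syn={pkt['syn']}"] = raw[f"ack={pkt['ack']}"] = 1.0
    return {k: min(1.0, v) for k, v in raw.items() if v > 0.0}

class IncrementalMiner:
    """Per-itemset fuzzy support sums, updated once per packet on arrival,
    so a window's rules are derived from the sums without rescanning packets."""

    def __init__(self, packets=()):
        self.n, self.sums = 0, defaultdict(float)
        for p in packets:
            self.add(p)

    def add(self, pkt):
        deg = fuzzify(pkt)
        keys = sorted(deg)
        self.n += 1
        for r in range(1, MAX_ITEMS + 1):
            for iset in combinations(keys, r):
                self.sums[iset] += min(deg[k] for k in iset)  # min-operator fuzzy support

    def rules(self):
        """Frequent fuzzy itemsets -> {(antecedent, consequent), ...}."""
        if self.n == 0:
            return set()
        sup = {k: s / self.n for k, s in self.sums.items() if s / self.n >= MIN_SUPPORT}
        out = set()
        for iset, s in sup.items():
            for r in range(1, len(iset)):
                for ante in combinations(iset, r):
                    cons = tuple(i for i in iset if i not in ante)
                    if s / sup[ante] >= MIN_CONF:  # anti-monotone support: sup[ante] exists
                        out.add((ante, cons))
        return out

def rule_similarity(a, b):
    """Jaccard overlap of two rule sets; 1.0 means identical."""
    return 1.0 if not a and not b else len(a & b) / len(a | b)

def detect(stream, baseline_rules, threshold=0.5):
    """One (window_start, similarity, alarm) verdict per 2-second window, as it closes."""
    verdicts, miner, current = [], IncrementalMiner(), None
    for pkt in stream:
        w = int(pkt["ts"] // WINDOW_SECONDS)
        if current is not None and w != current:    # boundary crossed: decide
            sim = rule_similarity(baseline_rules, miner.rules())
            verdicts.append((current * WINDOW_SECONDS, sim, sim < threshold))
            miner = IncrementalMiner()
        current = w
        miner.add(pkt)
    if current is not None:                         # flush the final window
        sim = rule_similarity(baseline_rules, miner.rules())
        verdicts.append((current * WINDOW_SECONDS, sim, sim < threshold))
    return verdicts

def normal_traffic(n, t0, seed):
    """Constructed attack-free headers: handshakes, established TCP, some UDP."""
    rng, out = random.Random(seed), []
    for i in range(n):
        r = rng.random()
        if r < 0.08:        # handshake: SYN, then SYN-ACK
            p = {"proto": "tcp", "syn": 1, "ack": int(r >= 0.04), "len": 60}
        elif r < 0.88:      # established TCP, any segment size
            p = {"proto": "tcp", "syn": 0, "ack": 1, "len": rng.randint(52, 1500)}
        else:               # UDP, no TCP flags
            p = {"proto": "udp", "len": rng.randint(60, 300)}
        out.append({**p, "ts": t0 + WINDOW_SECONDS * i / n})
    return out

def syn_flood(n, t0, seed):
    """Constructed SYN flood: SYN set, ACK clear, minimal length."""
    rng = random.Random(seed)
    return [{"proto": "tcp", "syn": 1, "ack": 0, "len": rng.randint(40, 60),
             "ts": t0 + WINDOW_SECONDS * i / n} for i in range(n)]

def demo():
    """Two attack-free windows followed by one flooded window."""
    baseline = IncrementalMiner(normal_traffic(4000, 0.0, seed=1)).rules()
    stream = (normal_traffic(2000, 0.0, seed=2) + normal_traffic(2000, 2.0, seed=3)
              + syn_flood(5000, 4.0, seed=4))
    return detect(stream, baseline)

if __name__ == "__main__":
    for start, sim, alarm in demo():
        print(f"t={start:.0f}s similarity={sim:.2f} {'ALARM' if alarm else 'ok'}")
```

Running the file prints one verdict per window: the two normal windows keep most of the baseline rules, while the flooded window's rules are built entirely from SYN-set, ACK-clear, short-packet items that never reach minimum support in attack-free traffic, so the overlap collapses. The per-packet update is what keeps the per-window decision cheap, since the window's rules are read off accumulated support sums rather than re-mined from stored packets. Because the rule set shifts with any change in traffic mix, not only with attacks, the similarity threshold has to be calibrated on attack-free traffic that includes normal bursts.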
doi_str_mv 10.1016/j.cose.2008.12.001
format Article
publisher Amsterdam: Elsevier Ltd
coden CPSEDU
eissn 1872-6208
date 2009-07-01
tpages 9
rights 2008 Elsevier Ltd; Copyright Elsevier Sequoia S.A. Jul 2009
lds50 peer_reviewed
pqid 207388060
els_id S016740480800134X
linktohtml https://www.sciencedirect.com/science/article/pii/S016740480800134X
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2009-07, Vol.28 (5), p.301-309
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_miscellaneous_903638317
source Elsevier ScienceDirect Journals Complete
subjects Association rules
Data mining
Denial of service attacks
Fuzzy association rules
Fuzzy logic
Incremental mining
Intrusion detection systems
Network security
Online mining
Real time
Real-time NIDS
Studies
title A real-time network intrusion detection system for large-scale attacks based on an incremental mining approach
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-14T07%3A36%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20real-time%20network%20intrusion%20detection%20system%20for%20large-scale%20attacks%20based%20on%20an%20incremental%20mining%20approach&rft.jtitle=Computers%20&%20security&rft.au=Su,%20Ming-Yang&rft.date=2009-07-01&rft.volume=28&rft.issue=5&rft.spage=301&rft.epage=309&rft.pages=301-309&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/j.cose.2008.12.001&rft_dat=%3Cproquest_cross%3E903638317%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=207388060&rft_id=info:pmid/&rft_els_id=S016740480800134X&rfr_iscdi=true