ADMIT: Anomaly-based data mining for intrusions

Karlton Sequeira, Mohammed Zaki

Research output: Contribution to conference (Paper)

Abstract

Security of computer systems is essential to their acceptance and utility. Computer security analysts use intrusion detection systems to assist them in maintaining computer system security. This paper deals with the problem of differentiating between masqueraders and the true user of a computer terminal. Prior efficient solutions are less suited to real-time application, often requiring all training data to be labeled, and do not inherently provide an intuitive idea of what the data model means. Our system, called ADMIT, relaxes these constraints by creating user profiles using semi-incremental techniques. It is a real-time intrusion detection system with host-based data collection and processing. Our method also suggests ideas for dealing with concept drift and affords a detection rate as high as 80.3% and a false positive rate as low as 15.3%.

Original language: English
Pages: 386-395
Number of pages: 10
Publication status: Published - 1 Dec 2002
Event: KDD - 2002 Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining - Edmonton, Alta, Canada
Duration: 23 Jul 2002 to 26 Jul 2002

Other

Other: KDD - 2002 Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining
Country: Canada
City: Edmonton, Alta
Period: 23/7/02 to 26/7/02

ASJC Scopus subject areas

  • Software
  • Information Systems

Cite this

Sequeira, K., & Zaki, M. (2002). ADMIT: Anomaly-based data mining for intrusions. 386-395. Paper presented at KDD - 2002 Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Edmonton, Alta, Canada.