ADMIT: Anomaly-based data mining for intrusions

Karlton Sequeira, Mohammed Zaki

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

136 Citations (Scopus)

Abstract

Security of computer systems is essential to their acceptance and utility. Computer security analysts use intrusion detection systems to assist them in maintaining computer system security. This paper deals with the problem of differentiating between masqueraders and the true user of a computer terminal. Prior efficient solutions are less suited to real time application, often requiring all training data to be labeled, and do not inherently provide an intuitive idea of what the data model means. Our system, called ADMIT, relaxes these constraints, by creating user profiles using semi-incremental techniques. It is a real-time intrusion detection system with host-based data collection and processing. Our method also suggests ideas for dealing with concept drift and affords a detection rate as high as 80.3% and a false positive rate as low as 15.3%.

Original language: English
Title of host publication: Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining
Editors: D. Hand, D. Keim, R. Ng
Pages: 386-395
Number of pages: 10
Publication status: Published - 1 Dec 2002
Externally published: Yes
Event: KDD - 2002 Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining - Edmonton, Alta, Canada
Duration: 23 Jul 2002 to 26 Jul 2002

Other

Other: KDD - 2002 Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining
Country: Canada
City: Edmonton, Alta
Period: 23/7/02 to 26/7/02

Fingerprint

Intrusion detection
Data mining
Computer systems
Computer terminals
Security of data
Data structures
Processing

ASJC Scopus subject areas

  • Information Systems

Cite this

Sequeira, K., & Zaki, M. (2002). ADMIT: Anomaly-based data mining for intrusions. In D. Hand, D. Keim, & R. Ng (Eds.), Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (pp. 386-395)

@inproceedings{e0904e0c6ec645a5850afd1d02dab320,
title = "ADMIT: Anomaly-based data mining for intrusions",
abstract = "Security of computer systems is essential to their acceptance and utility. Computer security analysts use intrusion detection systems to assist them in maintaining computer system security. This paper deals with the problem of differentiating between masqueraders and the true user of a computer terminal. Prior efficient solutions are less suited to real time application, often requiring all training data to be labeled, and do not inherently provide an intuitive idea of what the data model means. Our system, called ADMIT, relaxes these constraints, by creating user profiles using semi-incremental techniques. It is a real-time intrusion detection system with host-based data collection and processing. Our method also suggests ideas for dealing with concept drift and affords a detection rate as high as 80.3{\%} and a false positive rate as low as 15.3{\%}.",
author = "Karlton Sequeira and Mohammed Zaki",
year = "2002",
month = "12",
day = "1",
language = "English",
pages = "386--395",
editor = "D. Hand and D. Keim and R. Ng",
booktitle = "Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining",

}

TY - GEN

T1 - ADMIT

T2 - Anomaly-based data mining for intrusions

AU - Sequeira, Karlton

AU - Zaki, Mohammed

PY - 2002/12/1

Y1 - 2002/12/1

N2 - Security of computer systems is essential to their acceptance and utility. Computer security analysts use intrusion detection systems to assist them in maintaining computer system security. This paper deals with the problem of differentiating between masqueraders and the true user of a computer terminal. Prior efficient solutions are less suited to real time application, often requiring all training data to be labeled, and do not inherently provide an intuitive idea of what the data model means. Our system, called ADMIT, relaxes these constraints, by creating user profiles using semi-incremental techniques. It is a real-time intrusion detection system with host-based data collection and processing. Our method also suggests ideas for dealing with concept drift and affords a detection rate as high as 80.3% and a false positive rate as low as 15.3%.

UR - http://www.scopus.com/inward/record.url?scp=0242456797&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0242456797&partnerID=8YFLogxK

M3 - Conference contribution

SP - 386

EP - 395

BT - Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

A2 - Hand, D.

A2 - Keim, D.

A2 - Ng, R.

ER -