Title

Bootstrapping Methodology For The Session-Based Anomaly Notification Detector (SAND)

Keywords

Anomaly detection; Bootstrapping; Data mining; Data modeling; Decision tree; Intrusion detection system; Signature detection

Abstract

In [1] we discussed the possibilities of an anomaly-based intrusion detection system that modeled a network at a particular location using advanced data mining techniques on the network packets. In later research [2], we discovered that session-based anomaly detectors produced faster and better results that met our needs for modeling networks. However, a relatively high misclassification rate for our subsequent session-based models showed that we needed to produce more solid results. Therefore, we created a bootstrapping algorithm that allowed us to create submodels that were eventually combined to form a larger meta-model. This larger meta-model contained information that had very low misclassification rates. Further, this bootstrapping methodology drastically reduced the false alarm rate while maintaining or even improving upon the number of attacks found in our training data sets. Copyright 2006 ACM.

Publication Date

12-1-2006

Publication Title

Proceedings of the Annual Southeast Conference

Volume

2006

Number of Pages

175-179

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1145/1185448.1185488

Scopus ID

34248352596 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/34248352596
