Abstracting audit data for lightweight intrusion detection

Handle URI:
http://hdl.handle.net/10754/564265
Title:
Abstracting audit data for lightweight intrusion detection
Authors:
Wang, Wei; Zhang, Xiangliang (ORCID 0000-0002-3574-5665); Pitsilis, Georgios
Abstract:
Processing massive volumes of audit data at high speed is crucial for an anomaly-based Intrusion Detection System (IDS) to achieve real-time detection. Abstracting the audit data is one way to improve the efficiency of that processing. In this work, we propose two data-abstraction strategies for building a lightweight detection model. The first is exemplar extraction and the second is attribute abstraction. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to extract exemplars, and Principal Component Analysis (PCA) is employed to abstract the important attributes (i.e. features) from the audit data. Real HTTP traffic collected in our institute as well as the KDD 1999 data set are used to validate the two strategies. The extensive test results show that exemplar extraction significantly improves detection efficiency and gives better detection performance than PCA-based attribute abstraction. © 2010 Springer-Verlag.
KAUST Department:
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division; Computer Science Program; Machine Intelligence & kNowledge Engineering Lab
Publisher:
Springer Science + Business Media
Journal:
Lecture Notes in Computer Science
Conference/Event name:
6th International Conference on Information Systems Security, ICISS 2010
Issue Date:
2010
DOI:
10.1007/978-3-642-17714-9_15
Type:
Conference Paper
ISSN:
03029743
ISBN:
3642177131; 9783642177132
Appears in Collections:
Conference Papers; Computer Science Program; Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Full metadata record

Field: Value (Language)

dc.contributor.author: Wang, Wei (en)
dc.contributor.author: Zhang, Xiangliang (en)
dc.contributor.author: Pitsilis, Georgios (en)
dc.date.accessioned: 2015-08-04T06:21:18Z (en)
dc.date.available: 2015-08-04T06:21:18Z (en)
dc.date.issued: 2010 (en)
dc.identifier.isbn: 3642177131; 9783642177132 (en)
dc.identifier.issn: 03029743 (en)
dc.identifier.doi: 10.1007/978-3-642-17714-9_15 (en)
dc.identifier.uri: http://hdl.handle.net/10754/564265 (en)
dc.description.abstract: identical to the Abstract given above (en)
dc.publisher: Springer Science + Business Media (en)
dc.title: Abstracting audit data for lightweight intrusion detection (en)
dc.type: Conference Paper (en)
dc.contributor.department: Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division (en)
dc.contributor.department: Computer Science Program (en)
dc.contributor.department: Machine Intelligence & kNowledge Engineering Lab (en)
dc.identifier.journal: Lecture Notes in Computer Science (en)
dc.conference.date: 17 December 2010 through 19 December 2010 (en)
dc.conference.name: 6th International Conference on Information Systems Security, ICISS 2010 (en)
dc.conference.location: Gandhinagar (en)
dc.contributor.institution: Interdisciplinary Centre for Security, Reliability and Trust (SnT Centre), Université du Luxembourg, Luxembourg, Luxembourg (en)
dc.contributor.institution: Faculty of Science, Technology and Communication, Université du Luxembourg, Luxembourg, Luxembourg (en)
kaust.author: Zhang, Xiangliang (en)
All Items in KAUST are protected by copyright, with all rights reserved, unless otherwise indicated.