Computer Science ›› 2014, Vol. 41 ›› Issue (Z11): 252-258.


Technical Study of Reducing Redundant Data for Intrusion Detection and Intrusion Forensics

QIAN Qin, ZHANG Jian, ZHANG Kun, FU Xiao and MAO Bing

Online: 2018-11-14. Published: 2018-11-14.

Abstract: In recent years the amount of computer crime has increased year by year, and it threatens many aspects of human society, including national politics, the economy and culture. In modern society, research on intrusion forensics and intrusion detection plays a significant role in fighting computer crime, tracing intrusions, patching vulnerabilities and improving the security of computer networks. However, with the popularity of the Internet and the growing storage capacity of computers, intrusion forensics and intrusion detection often have to handle mass data of GB, or even TB, size. Much useful information is inevitably submerged in redundant events, which poses a huge challenge and lowers the accuracy of analysis results. Designing techniques that reduce redundant data while improving accuracy and efficiency is therefore a key breakthrough. This paper surveys several redundancy-reducing methods for intrusion forensics and intrusion detection. First, it reviews the development of redundancy-reducing techniques and their application in traditional fields such as the medical domain. Then it systematically introduces the various redundancy-reducing methods used in intrusion forensics and intrusion detection. Finally, it identifies the existing problems and directions for future research, and draws conclusions from a comparison of the current state of redundant-data-reduction techniques.

Key words: Intrusion detection, Intrusion forensics, Redundant data reduction

