CTAR: Classification based on temporal class-association rules for intrusion detection

Jin Suk Kim, Hohn Gyu Lee, Sungbo Seo, Keun Ho Ryu

Research output: Chapter in Book/Report/Conference proceeding, Chapter, peer-review

5 Scopus citations

Abstract

Recently, the increased number and diversity of network attacks have caused difficulties in intrusion detection. Anomaly detection, one approach to intrusion detection, treats abnormal behaviors that deviate from modeled normal behaviors as suspicious attacks. Research on data mining for intrusion detection has focused on association rules, frequent episodes and classification. However, despite the usefulness of rules that include a temporal dimension and the fact that audit data has temporal attributes, these methods were limited to static rule extraction and did not consider temporal attributes. Therefore, we propose a new classification method for intrusion detection. The proposed method, CTAR (Classification based on Temporal Class-Association Rules), extends CARs (Class-Association Rules), a combination of association rules and classification, by including temporal attributes. CTAR discovers rules in multiple time granularities, and users can easily understand the discovered rules and temporal patterns. Finally, we show by experimental results that a prediction model (classifier) built with the CTAR method yields better accuracy than a prediction model built with traditional methods.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors: Kijoon Chae, Moti Yung
Publisher: Springer Verlag
Pages: 84-96
Number of pages: 13
ISBN (Print): 3540208275
State: Published - 2004

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2908
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349
