ETRI-Knowledge Sharing Platform

Conference Paper CTAR: Classification Based on Temporal Class-Association Rules for Intrusion Detection
Cited 5 times in Scopus
Authors
Jin Suk Kim, Hohn Gyu Lee, Sungbo Seo, Keun Ho Ryu
Issue Date
2003-08
Citation
International Workshop on Information Security Applications (WISA) 2003 (LNCS 2908), v.2908, pp.84-96
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1007/978-3-540-24591-9_7
Abstract
Recently, the increased number and diversity of network attacks have caused difficulties in intrusion detection. Anomaly detection, one form of intrusion detection, is a method of treating abnormal behaviors that deviate from modeled normal behaviors as suspicious attacks. Research on data mining for intrusion detection has focused on association rules, frequent episodes and classification. However, despite the usefulness of rules that include a temporal dimension and the fact that audit data has temporal attributes, the above methods were limited to static rule extraction and did not consider temporal attributes. Therefore, we propose a new classification method for intrusion detection. The proposed method is CTAR (short for Classification based on Temporal Class-Association Rules), and it extends CARs (short for Class-Association Rules), a combination of association rules and classification, by including temporal attributes. CTAR discovers rules in multiple time granularities, and users can easily understand the discovered rules and temporal patterns. Finally, we prove by experimental results that a prediction model (classifier) built with the CTAR method yields better accuracy than a prediction model built with traditional methods. © Springer-Verlag 2004.