Reference : Abstracting Audit Data for Lightweight Intrusion Detection
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/16014
Abstracting Audit Data for Lightweight Intrusion Detection
English
Wang, Wei [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC); University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Zhang, Xiangliang [King Abdullah University of Science and Technology (KAUST), Saudi Arabia]
Pitsilis, Georgios [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
2010
Information Systems Security
Springer
Lecture Notes in Computer Science, 6503
201-215
No
978-3-642-17713-2
Berlin
Germany
6th International Conference on Information Systems Security
17-19 December 2010
Gujarat
India
[en] High speed of processing massive audit data is crucial for an anomaly Intrusion Detection System (IDS) to achieve real-time performance during the detection. Abstracting audit data is a potential solution to improve the efficiency of data processing. In this work, we propose two strategies of data abstraction in order to build a lightweight detection model. The first strategy is exemplar extraction and the second is attribute abstraction. Two clustering algorithms, Affinity Propagation (AP) as well as traditional k-means, are employed to extract the exemplars, and Principal Component Analysis (PCA) is employed to abstract important attributes (a.k.a. features) from the audit data. Real HTTP traffic data collected in our institute as well as KDD 1999 data are used to validate the two strategies of data abstraction. The extensive test results show that the process of exemplar extraction significantly improves the detection efficiency and has a better detection performance than PCA in data abstraction.
10.1007/978-3-642-17714-9_15

File(s) associated to this reference

Fulltext file(s):

Wang.pdf (Publisher postprint, 260.65 kB) - Limited access

