Abstract

Problem statement: Intrusion Detection Systems (IDS) have become an important component of the infrastructure protection mechanism that secures current and emerging networks, their services and applications by detecting, alerting on and taking necessary actions against malicious activities. Network size, technology diversity and security policies make networks more challenging to protect, hence there is a requirement for an IDS that is very accurate, adaptive, extensible and more reliable. Although a novel framework for this requirement exists, namely Mining Audit Data for Automated Models for Intrusion Detection (MADAM ID), it has some performance shortfalls in processing the audit data. Approach: A few experiments were conducted on DARPA tcpdump data and BSM audit files by applying the algorithms and tools of MADAM ID to process audit data, mine patterns, construct features and build RIPPER classifiers. Putting it all together, four main categories of attacks, namely DOS, R2L, U2R and PROBING attacks, were simulated. Results: This study outlines the experimental results of MADAM ID in testing the DARPA and BSM data on a simulated network environment. Conclusion: The strengths and weaknesses of MADAM ID have been identified through the experiments conducted on tcpdump data and also on Pascal based audit files of the Basic Security Module (BSM). This study also gives some additional directions about future applications of MADAM ID.

Highlights

  • All these preventive controls can be complemented [...] as the line of defense, an Id [...]; [...] example (Durst et al., 1999), that the insiders, who have [...]

  • We describe in detail our experiments on DARPA and Basic Security Module (BSM) audit data files for building intrusion detection models

  • Experiments on tcpdump data and their results: In order to test the effectiveness of data mining techniques in Intrusion Detection Systems (IDS) (Abraham, 2001), we took the user [...] audit data is really very huge; instead, we considered only those connection records that fall within a surrounding time of plus and minus 5 min of each attack


Summary

Introduction

All these preventive controls can be complemented [...] as the line of defense, an Id [...]; [...] example (Durst et al., 1999), that the insiders, who have [...]. We describe in detail our experiments on DARPA and BSM audit data files for building intrusion detection models. Pre-processing of the dataset (misuse detection): the 'list files' included in the training data files were used to identify the type of attack, the source and destination host and port id, and the timestamp of the files.
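The record-selection step described in the highlight and in the paragraph above (list-file entries giving attack type, hosts, port and timestamp; only connection records within plus or minus 5 min of each attack are kept and labelled) as an added Python example. It is not code from the paper or from MADAM ID; the list-file and connection-record column layouts, host addresses and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed "list file" entries: attack type, source host, destination host,
# destination port ('-' = any), timestamp. The column layout is an assumption,
# not the real DARPA list-file format.
ATTACK_LIST = """\
smurf,202.77.162.213,172.16.112.50,-,1998-06-01 08:15:00
guess_passwd,206.48.44.18,172.16.112.100,23,1998-06-01 11:42:10
"""

# Constructed connection records: timestamp, source, destination, dest port, service.
CONNECTIONS = """\
1998-06-01 08:11:30,202.77.162.213,172.16.112.50,0,ecr_i
1998-06-01 08:16:00,172.16.113.84,172.16.112.50,80,http
1998-06-01 08:20:00,202.77.162.213,172.16.112.50,0,ecr_i
1998-06-01 09:00:00,172.16.113.84,172.16.112.50,80,http
1998-06-01 11:40:00,206.48.44.18,172.16.112.100,23,telnet
1998-06-01 11:50:00,206.48.44.18,172.16.112.100,23,telnet
"""

WINDOW = timedelta(minutes=5)  # the plus/minus 5 min window around each attack

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def parse_csv(text):
    return [line.split(",") for line in text.strip().splitlines()]

def label_records(attack_text=ATTACK_LIST, conn_text=CONNECTIONS, window=WINDOW):
    """Keep only connection records within +/- window (inclusive) of some attack
    and label each one: the list-file attack type when source host, destination
    host and port match that entry, otherwise 'normal'."""
    attacks = [(typ, src, dst, port, parse_ts(ts))
               for typ, src, dst, port, ts in parse_csv(attack_text)]
    kept = []
    for ts_text, src, dst, port, service in parse_csv(conn_text):
        ts = parse_ts(ts_text)
        near = [a for a in attacks if abs(ts - a[4]) <= window]
        if not near:
            continue  # outside every window: dropped, as in the paper's reduction step
        label = "normal"
        for typ, a_src, a_dst, a_port, _ in near:
            if src == a_src and dst == a_dst and a_port in ("-", port):
                label = typ
                break
        kept.append((ts_text, src, dst, port, service, label))
    return kept
```

The 08:20:00 record sits exactly on the window boundary and is kept because the comparison is inclusive; the 09:00:00 and 11:50:00 records fall outside every window and are dropped.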

