Mining system audit data: Opportunities and challenges

Wenke Lee; Wei Fan

doi:10.1145/604264.604270

SIGMOD Record

Paper

01 Jan 2001

Mining system audit data: Opportunities and challenges

View publication

Abstract

Intrusion detection is an essential component of computer security mechanisms. It requires accurate and efficient analysis of a large amount of system and network audit data. It can thus be an application area of data mining. There are several characteristics of audit data: abundant raw data, rich system and network semantics, and ever "streaming". Accordingly, when developing data mining approaches, we need to focus on: feature extraction and construction, customization of (general) algorithms according to semantic information, and optimization of execution efficiency of the output models. In this paper, we describe a data mining framework for mining audit data for intrusion detection models. We discuss its advantages and limitations, and outline the open research problems.

Conference paper

Mining system audit data: Opportunities and challenges

Abstract

Related

An iterative and re-weighting framework for rejection and uncertainty resolution in crowdsourcing

Inductive learning in less than one sequential data scan

The next generation of transportation systems, greenhouse emissions, and data mining

Latent space domain transfer between high dimensional overlapping distributions