Abstract
The Minnesota Intrusion Detection System (MINDS), a data-mining-based system, can detect sophisticated cyberattacks on large-scale networks using signature-based systems. At MINDS' core is a behavioral-anomaly detection module based on a novel data-driven technique for calculating the distance between points in high-dimensional space, enabling meaningful calculation of the similarity between records containing a mixture of categorical and numerical attributes. MINDS uses the shared nearest neighbor clustering algorithm, which works particularly well when data is high-dimensional and noisy. Its ability to summarize large amounts of network traffic can be highly valuable for network security analysts who must deal with large amounts of data.
Original language | English (US) |
---|---|
Journal | IEEE Distributed Systems Online |
Volume | 6 |
Issue number | 10 |
State | Published - Oct 2005 |
Bibliographical note
Funding Information: This work is supported by ARDA grant AR/F30602-03-C-0243, NSF grants IIS-0308264 and ACI-0325949, and the US Army High Performance Computing Research Center under contract DAAD19-01-2-0014. The research reported in this article was performed in collaboration with Paul Dokas, Eric Eilertson, Levent Ertoz, Aleksandar Lazarevic, Michael Steinbach, George Simon, Mark Shaneck, Haiyang Liu, Jaideep Srivastava, Pang-Ning Tan, Varun Chandola, Yongdae Kim, Zhi-li Zhang, Sanjay Ranka, and Bob Grossman.