Audit data storage:
Typical intrusion detection systems store the audit data either indefinitely or for a sufficiently long time for later reference. The volume of data is often exceedingly large. Hence, the problem of audit data reduction is a major research issue in the design of intrusion detection systems.
Analysis and detection:
The processing block is the heart of an intrusion detection system, where the algorithms to detect suspicious activities are implemented. Algorithms for the analysis and detection of intrusions have traditionally been classified into three broad categories: signature (or misuse) detection, anomaly detection and hybrid detection.
Configuration data:
The configuration data is the most sensitive part of an intrusion detection system. It contains information that pertains to the operation of the intrusion detection system, namely, information on how and when to collect audit data, how to respond to intrusions, etc.
Reference data:
The reference data storage module stores information about known intrusion signatures (in the case of signature detection) or profiles of normal behavior (in the case of anomaly detection). In the latter case, the profiles are updated whenever new knowledge about the system behavior is available.
Active/processing data:
The processing element must frequently store intermediate results, such as information about partially fulfilled intrusion signatures.
Alarm:
This part of the system deals with all output produced by the intrusion detection system. The output may be either an automated response to an intrusion or a report of suspicious activity delivered to a system security officer.
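The component roles listed above (configuration data, reference data, active/processing data, the analysis block in signature, anomaly or hybrid mode, and the alarm output) fit together in a small pipeline. The following is an added example written for this section, not code from the original text; every audit record, signature name, user profile and threshold in it is constructed for illustration. The signature matcher keeps the partially fulfilled match position as its active/processing data, and the anomaly detector scores a user's session volume against a baseline derived from the reference profiles.

```python
"""Skeleton of the intrusion detection components described above: reference
data (signatures and normal-behaviour profiles), active/processing data
(partially matched signatures), analysis/detection in signature, anomaly or
hybrid mode, and an alarm output. Added example, not code from the original
text; every log record, signature and profile here is constructed."""
import statistics
from collections import defaultdict
from dataclasses import dataclass

# Configuration data (constructed): how the detector is tuned and run.
CONFIG = {
    "mode": "hybrid",          # "signature", "anomaly" or "hybrid"
    "anomaly_threshold": 3.0,  # z-score above which session activity is flagged
}

# Reference data (constructed). A signature is the ordered event sequence that
# must be observed for a single (user, source) subject.
SIGNATURES = {
    "brute_force_then_success": ["login_fail", "login_fail", "login_fail", "login_ok"],
    "recon_then_exfil": ["dir_list", "file_read", "file_read", "upload"],
}
# Normal-behaviour profiles: events per session seen for each user during training.
PROFILES = {
    "alice": [4, 5, 4, 6, 5, 5, 4],
    "bob": [20, 22, 19, 21, 20, 18, 23],
}

# Constructed audit data: (timestamp, source address, user, event name).
AUDIT_DATA = (
    [(1, "10.0.0.5", "alice", "login_fail"), (2, "10.0.0.5", "alice", "login_fail"),
     (3, "10.0.0.5", "alice", "login_fail"), (4, "10.0.0.5", "alice", "login_fail"),
     (5, "10.0.0.5", "alice", "login_ok")]
    + [(10 + i, "10.0.0.9", "bob", "file_read") for i in range(30)]
    + [(50, "10.0.0.7", "carol", "dir_list"), (51, "10.0.0.7", "carol", "file_read")]
)


@dataclass(frozen=True)
class Alarm:
    time: int
    kind: str     # "signature" or "anomaly"
    subject: str
    detail: str


def advance_match(seq, pos, event):
    """New match position after `event`, given `pos` events of `seq` already matched.
    On a mismatch, fall back to the longest prefix of seq that is still a suffix of
    the observed run (KMP-style), so a fourth login_fail does not discard the match."""
    run = seq[:pos] + [event]
    for k in range(len(run), 0, -1):
        if run[-k:] == seq[:k]:
            return k
    return 0


class Detector:
    def __init__(self, config=CONFIG, signatures=SIGNATURES, profiles=PROFILES):
        self.config = config
        self.signatures = signatures
        # Derive per-user baseline statistics from the reference profiles once.
        self.baseline = {u: (statistics.mean(c), statistics.pstdev(c)) for u, c in profiles.items()}
        # Active/processing data: match progress of every (subject, signature) pair.
        self.partial = defaultdict(int)
        self.session_counts = defaultdict(int)
        self.last_seen = {}
        self.alarms = []

    def process(self, record):
        t, source, user, event = record
        subject = f"{user}@{source}"
        self.session_counts[user] += 1
        self.last_seen[user] = t
        if self.config["mode"] in ("signature", "hybrid"):
            for name, seq in self.signatures.items():
                key = (subject, name)
                pos = advance_match(seq, self.partial[key], event)
                if pos == len(seq):
                    self.alarms.append(Alarm(t, "signature", subject, name))
                    pos = 0  # signature fully matched; start over
                self.partial[key] = pos

    def end_session(self):
        """Anomaly detection: score each user's session volume against its profile."""
        if self.config["mode"] not in ("anomaly", "hybrid"):
            return
        for user, count in self.session_counts.items():
            if user not in self.baseline:
                continue  # no profile yet: cannot score until a training period exists
            mean, sd = self.baseline[user]
            z = (count - mean) / sd if sd > 0 else (0.0 if count == mean else float("inf"))
            if z > self.config["anomaly_threshold"]:
                self.alarms.append(Alarm(self.last_seen[user], "anomaly", user,
                                         f"{count} events vs baseline {mean:.1f} (z={z:.1f})"))


def run(records, config=CONFIG):
    """Feed audit records through the detector and return it with alarms populated."""
    det = Detector(config)
    for rec in records:
        det.process(rec)
    det.end_session()
    return det


if __name__ == "__main__":
    for alarm in run(AUDIT_DATA).alarms:
        print(alarm)
```

On the constructed data the two detectors catch different things: alice's four failed logins followed by a success match the signature but her five events are well within her profile, while bob's thirty reads trigger no signature yet sit far outside his baseline. Carol's two events leave a partial match of length 2 for `recon_then_exfil` in the active data, and she has no profile, so the anomaly detector cannot score her at all, which is the practical cost of anomaly detection for new subjects.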
6.2. Mining Knowledge Using Data Mining Techniques
Huge amounts of data are generated through the day-to-day functioning of organizations. Often, vital information that can influence the decision-making process of an organization lies hidden in such large volumes of data. Exploring knowledge from the available data sources in order to guide our actions, be it in business, science or engineering, is an interesting domain of research. Data mining is a technique which tries to automatically extract