I need to create attack signatures for signature-based intrusion detection using the KDD data set. Is it possible to use Apriori (or any association rule learning algorithm) for this task? If not, please suggest an alternative method.
2 Answers
Sure, you can use association rules to create attack signatures. I guess even frequent itemsets would be sufficient: extract the common attributes of known attacks and from them create frequent itemsets to detect an upcoming attack. From those frequent itemsets you can extract association rules. Those would be handy insofar as one could predict, i.e., the next step of a current attack.
Yes, you can use a pattern mining algorithm to create attack signatures. Itemsets and association rules are a good idea. But you could also consider sequential rules (association rules that consider the sequential ordering), or sequential patterns. This may perhaps be more appropriate. If you want to try such algorithms, you can check the SPMF library, which offers more than 100 algorithms for these types of problems: http://www.philippe-fournier-viger.com/spmf/ (I am the founder, by the way). You could try different algorithms to see what works best for your problem.
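The frequent-itemset approach suggested in the answers, as an added example that is not part of either answer and does not use SPMF: a small level-wise Apriori run over attack records, keeping only itemsets that never occur in normal traffic and reducing them to the minimal ones. The records are constructed samples using KDD Cup 99 feature names, and the thresholds and function names are assumptions.

```python
from itertools import combinations

# Constructed records using KDD Cup 99 feature names (assumed sample, not real KDD rows).
FIELDS = ("protocol_type", "service", "flag")
ATTACK = [("tcp", "private", "S0"), ("tcp", "private", "S0"),
          ("tcp", "http", "S0"), ("tcp", "private", "REJ")]
NORMAL = [("tcp", "http", "SF"), ("udp", "domain_u", "SF"),
          ("tcp", "smtp", "SF"), ("tcp", "private", "SF")]

def to_items(row):
    """Encode a record as a set of 'attribute=value' items."""
    return frozenset(f"{k}={v}" for k, v in zip(FIELDS, row))

def support(itemset, transactions):
    """Fraction of transactions that contain every item of itemset."""
    return sum(itemset <= t for t in transactions) / len(transactions)

def apriori(transactions, min_support):
    """Level-wise Apriori: return {frequent itemset: support}."""
    singles = {frozenset([i]) for t in transactions for i in t}
    level = {s for s in singles if support(s, transactions) >= min_support}
    frequent, k = {}, 1
    while level:
        frequent.update({s: support(s, transactions) for s in level})
        k += 1
        # Join step: merge frequent (k-1)-itemsets into candidate k-itemsets.
        cands = {a | b for a in level for b in level if len(a | b) == k}
        # Prune step: every (k-1)-subset of a candidate must be frequent.
        cands = {c for c in cands
                 if all(frozenset(s) in level for s in combinations(c, k - 1))}
        level = {c for c in cands if support(c, transactions) >= min_support}
    return frequent

def mine_signatures(attack, normal, min_support=0.5, max_normal_support=0.0):
    """Itemsets frequent in attacks, absent from normal traffic, and minimal."""
    atk = [to_items(r) for r in attack]
    nrm = [to_items(r) for r in normal]
    sigs = {s: v for s, v in apriori(atk, min_support).items()
            if support(s, nrm) <= max_normal_support}
    # Drop any signature that has a smaller signature as a proper subset.
    return {s: v for s, v in sigs.items() if not any(o < s for o in sigs)}

def matches(row, signatures):
    """True if the record contains all items of at least one signature."""
    items = to_items(row)
    return any(sig <= items for sig in signatures)
```

Raising `max_normal_support` above zero trades false positives for coverage when the normal set is noisy; on real KDD data the continuous features would need to be discretised into bins before mining.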