Date Added: Apr 2012
Intrusions are activities that violate the security policy of a system, and intrusion detection is the process used to identify them. This paper gives an overview of the existing intrusion detection techniques, including anomaly detection and misuse detection models, and identifies techniques related to intrusion detection in distributed systems. It also covers machine learning and data mining approaches. In this paper, the authors describe a data mining framework for adaptively building Intrusion Detection (ID) models. The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and to apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities.