Abstract

The IDDM project aims to determine the feasibility and effectiveness of data mining techniques in real-time intrusion detection and produce solutions for this purpose. Traditionally, data mining is designed to operate on large off-line data sets. Previous attempts to apply the discipline in real-time environments met with varying success. In this paper, we overview earlier attempts to employ data mining principles in intrusion detection and present a possible system architecture for this purpose. As a consequence, we show that by combining data mining algorithms with agent technologies, near real-time operation may be attained.