Abstract
This paper presents MEGNTID, an architecture for mining the Egyptian e-government network traffic for intrusion detection. The architecture adopts a layered approach to detecting intrusions: known attacks are detected at a global layer defined for the Egyptian e-government network (EEGN) as a whole, and normal behavior is filtered out at a local layer defined for each ministry's site. Clustering is then used to focus the analysis on the remaining suspicious activity and to identify whether it represents new intrusive behavior or new normal behavior. The architecture is intended to detect intrusions in real time, achieve low false alarm rates, and continuously adapt to changes in the environment and to the emergence of new intrusive behavior. The implementation plan is discussed at the end of the paper.
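To make the layering concrete, the following is an added illustrative example, not code from the paper or from the MEGNTID project. It assumes flow records with a handful of fields, a hypothetical global signature table shared by the whole network, a hypothetical per-site profile of "normal" ports and volumes for the local layer, and a small from-scratch k-means over the flows that survive both layers; all sample flows and profile values are constructed for the demonstration.

```python
"""Three-stage triage in the spirit of the layered architecture described in the abstract.

Stage 1 (global layer): match every flow against network-wide signatures of known attacks.
Stage 2 (local layer): drop flows that fit the per-site profile of normal behavior.
Stage 3 (clustering):  group what is left so an analyst can label each group as new-normal or new-intrusive.
All signatures, profiles and flows below are constructed for illustration (assumptions, not the paper's data).
"""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Flow:
    site: str       # ministry site that produced the record (hypothetical names)
    src: str        # source address
    dst_port: int   # destination port
    bytes_out: int  # bytes sent by the source
    pkts: int       # packets in the flow
    flags: str      # summary of TCP flags seen, e.g. "S" for SYN-only


# Global layer: signatures that apply across the whole network (constructed examples).
GLOBAL_SIGNATURES = {
    "syn_only_probe": lambda f: f.flags == "S" and f.pkts <= 2,
    "telnet_access": lambda f: f.dst_port == 23,
}

# Local layer: per-site profile of what is considered normal (constructed values).
LOCAL_PROFILES = {
    "ministry-a": {"ports": {80, 443}, "max_bytes": 50_000},
    "ministry-b": {"ports": {443, 25}, "max_bytes": 200_000},
}


def global_layer(flow):
    """Return the names of every known-attack signature the flow matches."""
    return [name for name, rule in GLOBAL_SIGNATURES.items() if rule(flow)]


def local_layer_is_normal(flow):
    """True when the flow fits its own site's normal profile; unknown sites get no free pass."""
    profile = LOCAL_PROFILES.get(flow.site)
    if profile is None:
        return False
    return flow.dst_port in profile["ports"] and flow.bytes_out <= profile["max_bytes"]


def features(flow):
    """Log-scaled volume features so clustering is not dominated by raw byte counts."""
    return (math.log10(flow.bytes_out + 1), math.log10(flow.pkts + 1))


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=20):
    """Minimal k-means; deterministic because it seeds centroids with the first k points."""
    centroids = list(points[:k])
    assign = [0] * len(points)
    for _ in range(iters):
        assign = [min(range(k), key=lambda c: dist(p, centroids[c])) for p in points]
        for c in range(k):
            members = [p for p, a in zip(points, assign) if a == c]
            if members:
                centroids[c] = tuple(sum(m[i] for m in members) / len(members) for i in range(2))
    return assign, centroids


def triage(flows, k=2):
    """Run the three stages; return (known attacks with signature names, clusters of suspicious flows)."""
    known, suspicious = [], []
    for f in flows:
        hits = global_layer(f)
        if hits:
            known.append((f, hits))
            continue
        if local_layer_is_normal(f):
            continue  # filtered out at the local layer
        suspicious.append(f)
    clusters = {}
    if suspicious:
        assign, _ = kmeans([features(f) for f in suspicious], min(k, len(suspicious)))
        for f, a in zip(suspicious, assign):
            clusters.setdefault(a, []).append(f)
    return known, clusters


# Constructed sample traffic: two normal flows, two signature hits, and four residual flows
# that split into a small-volume cluster and a large-volume cluster.
SAMPLE_FLOWS = [
    Flow("ministry-a", "10.0.0.5", 443, 1_200, 10, "SA"),
    Flow("ministry-a", "10.0.0.6", 23, 300, 5, "SA"),
    Flow("ministry-b", "10.0.0.7", 445, 900, 2, "S"),
    Flow("ministry-b", "10.0.0.8", 443, 180_000, 900, "SA"),
    Flow("ministry-a", "10.0.0.9", 443, 9_000_000, 6_000, "SA"),
    Flow("ministry-a", "10.0.0.10", 8080, 500, 4, "SA"),
    Flow("ministry-b", "10.0.0.11", 8443, 700, 6, "SA"),
    Flow("ministry-b", "10.0.0.12", 443, 7_500_000, 5_000, "SA"),
]

if __name__ == "__main__":
    known, clusters = triage(SAMPLE_FLOWS)
    for f, hits in known:
        print("known attack:", f.src, hits)
    for cid, members in clusters.items():
        print(f"cluster {cid}:", [m.src for m in members])
```

The point of the ordering is that the cheap, high-confidence checks run first: signature hits need no further analysis, profile-conforming flows are discarded before any clustering cost is paid, and only the residue reaches the clustering stage, where a group of similar unexplained flows (here, the two very large transfers) becomes a single item for an analyst to label and, once labelled, a new signature or an update to the local profile.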