Intrusion detection systems have traditionally been based on the characteri
zation of an attack and the tracking of the activity on the system to see i
f it matches that characterization. Recently, new intrusion detection syste
ms based on data mining are making their appearance in the field. This pape
r describes the design and experiences with the ADAM (Audit Data Analysis a
nd Mining) system, which we use as a testbed to study how useful data minin
g techniques can be in intrusion detection.