Remote attack detection method in IDA: MLSI-based intrusion detection using discriminant analysis

In order to detect intrusions, IDA (Intrusion Detection Agent system) initially monitors system, logs ill order to discover all MLSI - which is all certain event Which ill many cases occurs during an intrusion. If all,MLSI is found. then IDA Judges whether the MLSI is accompanied by all intrusion. We adopt discriminant analysis to analyze information after IDA detects,in MLSI in a remote attack. Discriminant analysis provides a classification function that allows IDA to,separate intrusive activities from non-intrusive activities. Using discriminant analysis. we call detect intrusions by analyzing only a part of system calls occurring Oil, a host machine. and we can determine whether all unknown sample is all intrusion. In this paper, we explain in detail how we perform discriminant analysis to detect intrusions, and evaluate the classification function. We also describe how to extract a sample from system logs, which is necessary to implement the discriminant analysis function in IDA.