Intrusion detection applying machine learning to Solaris audit data

An intrusion Detection System (IDS) seeks to identify unauthorized access to computer systems' resources and data. The most common analysis tool that these modern systems apply is the operating system audit trail that provides a fingerprint of system events over time. In this research, the Basic Security Module auditing tool of Sun's Solaris operating environment was used in both an anomoly and misuse detection approach. The anomoly detector consisted of the statistical likelihood analysis of system calls, while the misuse detector was built with a neural network trained on groupings of system calls. This research demonstrates the potential benefits of combining both aspects of detection in future IDS's to decrease false positive and false negative errors.