Use of K-Nearest Neighbor classifier for intrusion detection

Cited by: 483
Authors
Liao, YH [1]
Vemuri, VR [1]
Affiliation
[1] Univ Calif Davis, Dept Comp Sci, Davis, CA 95616 USA
Keywords
k-Nearest Neighbor classifier; intrusion detection; system calls; text categorization; program profile;
DOI
10.1016/S0167-4048(02)00514-X
Chinese Library Classification number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify program behavior as normal or intrusive. Program behavior, in turn, is represented by frequencies of system calls. Each system call is treated as a word and the collection of system calls over each program execution as a document. These documents are then classified using the kNN classifier, a popular method in text categorization. This method seems to offer some computational advantages over those that seek to characterize program behavior with short sequences of system calls and generate individual program profiles. Preliminary experiments with 1998 DARPA BSM audit data show that the kNN classifier can effectively detect intrusive attacks and achieve a low false positive rate.
Pages: 439-448
Number of pages: 10
Related papers
50 in total
[31]   Digital Twin-Based Healthcare System (DTHS) for Earlier Parkinson Disease Identification and Diagnosis Using Optimized Fuzzy Based k-Nearest Neighbor Classifier Model [J].
Abirami, L. ;
Karthikeyan, J. .
IEEE ACCESS, 2023, 11 :96661-96672
[32]   K-Nearest-Neighbours with a Novel Similarity Measure for Intrusion Detection [J].
Ma, Zhenghui ;
Kahan, Ata .
2013 13TH UK WORKSHOP ON COMPUTATIONAL INTELLIGENCE (UKCI), 2013, :266-271
[33]   k-Nearest Neighbours Classification Based Sybil Attack Detection in Vehicular Networks [J].
Gu, Pengwenlong ;
Khatoun, Rida ;
Begriche, Youcef ;
Serhrouchni, Ahmed .
PROCEEDINGS OF THE 2017 THIRD INTERNATIONAL CONFERENCE ON MOBILE AND SECURE SERVICES (MOBISECSERV), 2017,
[34]   Improved Nearest Neighbor Classifier Based on Local Space Inversion [J].
Szymanski, Zbigniew ;
Dwulit, Marek P. .
3RD INTERNATIONAL CONFERENCE ON HUMAN SYSTEM INTERACTION, 2010, :95-100
[35]   Asymptotic expansions of the k nearest neighbor risk [J].
Snapp, RR ;
Venkatesh, SS .
ANNALS OF STATISTICS, 1998, 26 (03) :850-878
[36]   Statistical-mean double-quantitative K-nearest neighbor classification learning based on neighborhood distance measurement [J].
Zhang, Xianyong ;
Gou, Hongyuan .
KNOWLEDGE-BASED SYSTEMS, 2022, 250
[37]   Contourlets For Facial Expression Analysis Using One Nearest Neighbor Classifier [J].
Suresh, R. ;
Audithan, S. .
SECOND INTERNATIONAL CONFERENCE ON CURRENT TRENDS IN ENGINEERING AND TECHNOLOGY (ICCTET 2014), 2014, :380-U1086
[38]   An Integration of K-Means Clustering and Naive Bayes Classifier for Intrusion Detection [J].
Varuna, S. ;
Natesan, P. .
2015 3RD INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING, COMMUNICATION AND NETWORKING (ICSCN), 2015,
[39]   Hybrid Classifier Systems for Intrusion Detection [J].
Chou, Te-Shun ;
Chou, Tsung-Nan .
2009 7TH ANNUAL COMMUNICATION NETWORKS AND SERVICES RESEARCH CONFERENCE, 2009, :286-+
[40]   Wavelet transform and SGLDM: A classification performance study using ML parameter estimation, minimum distance, and K-nearest neighbor classifiers [J].
Singh, R ;
Vasquez, R ;
Singh, R .
VISUAL INFORMATION PROCESSING VI, 1997, 3074 :142-150