Use of K-Nearest Neighbor classifier for intrusion detection

Cited by: 483
Authors
Liao, YH [1]
Vemuri, VR [1]
Affiliation
[1] Univ Calif Davis, Dept Comp Sci, Davis, CA 95616 USA
Keywords
k-Nearest Neighbor classifier; intrusion detection; system calls; text categorization; program profile
DOI
10.1016/S0167-4048(02)00514-X
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify program behavior as normal or intrusive. Program behavior, in turn, is represented by frequencies of system calls. Each system call is treated as a word and the collection of system calls over each program execution as a document. These documents are then classified using kNN classifier, a popular method in text categorization. This method seems to offer some computational advantages over those that seek to characterize program behavior with short sequences of system calls and generate individual program profiles. Preliminary experiments with 1998 DARPA BSM audit data show that the kNN classifier can effectively detect intrusive attacks and achieve a low false positive rate.
Pages: 439-448
Number of pages: 10