Network intrusion detection based on system calls and data mining

Cited by: 0
Authors
Xinguang Tian
Xueqi Cheng
Miyi Duan
Rui Liao
Hong Chen
Xiaojuan Chen
Affiliations
[1] Chinese Academy of Sciences, Institute of Computing Technology
[2] Beijing Jiaotong University, Institute of Computing Technology
[3] Zhengzhou Information Science and Technology Institute, College of Computer and Information Engineering
[4] Beijing Technology and Business University
Source
Frontiers of Computer Science in China | 2010 / Vol. 4
Keywords
intrusion detection; data mining; system call; anomaly detection
DOI
none
CLC number
Subject classification number
Abstract
Anomaly intrusion detection is currently an active research topic in the field of network security. This paper proposes a novel method for detecting anomalous program behavior, applicable to host-based intrusion detection systems that monitor system call activity. The method employs data mining techniques to model the normal behavior of a privileged program, extracting normal system call sequences according to their supports and confidences in the training data. At the detection stage, a fixed-length sequence pattern matching algorithm is used to compare the current behavior with the historic normal behavior; this is less computationally expensive than the variable-length pattern matching algorithm proposed by Hofmeyr et al. Also at the detection stage, the temporal correlation of the audit data is taken into account, and two alternative schemes can be used to distinguish between normal activity and intrusions. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for online detection. It has been applied to practical host-based intrusion detection systems and has achieved high detection performance.
Pages: 522-528
Page count: 6
Related papers (33 in total; first 10 listed)
[1] Tian X. G. (2008). Intrusion detection based on system calls and homogeneous Markov chains. Journal of Systems Engineering and Electronics, 19, 598-605.
[2] Duan M. Y. (2008). Anomaly detection of user behavior based on shell commands and homogeneous Markov chains. Chinese Journal of Electronics, 17, 231-236.
[3] Sun C. L. (2005). Intrusion detection using an ensemble of intelligent paradigms. Journal of Network and Computer Applications, 28, 167-182.
[4] Li W. F. (2004). A clustering-based anomaly intrusion detector for a host computer. IEICE Transactions on Information and Systems, E87-D, 2086-2094.
[5] Tian X. G. (2002). An anomaly intrusion detection method based on HMM. Electronics Letters, 38, 663-664.
[6] Duan M. Y. (2003). An empirical study of two approaches to sequence learning for anomaly detection. Machine Learning, 51, 73-107.
[7] Li W. F. (1999). Intrusion detection using sequences of system calls. Journal of Computer Security, 6, 151-180.
[8] Sun C. L. (2002). Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Transactions on Computers, 51, 810-820.
[9] Mukkamala S. (2002). Intrusion detection techniques and approaches. Computer Communications, 25, 1356-1365.
[10] Sung A. H. (2006). A method for anomaly detection of user behaviors based on machine learning. The Journal of China Universities of Post and Telecommunications, 13, 61-65.