A Fast Host-Based Intrusion Detection System Using Rough Set Theory

Sanjay Rawat 1,2, V P Gulati 2, and Arun K Pujari 1

1 AI Lab, Dept. of Computer and Information Sciences, University of Hyderabad, Hyderabad, INDIA
sanjayr@idrbt.ac.in, akpcs@uohyd.ernet.in
2 IDRBT, Castle Hills, Road No. 1, Masab Tank, Hyderabad, INDIA
vp.gulati@tcs.com

Abstract. Intrusion detection systems have become the main research focus in the area of information security. The last few years have witnessed a large variety of techniques and models aimed at providing increasingly efficient intrusion detection solutions. We advocate here that the intrusive behavior of a process is a highly localized characteristic of the process. There are certain smaller episodes in a process that make the process intrusive in an otherwise normal stream. As a result, it is unnecessary, and most often misleading, to consider the whole process in totality and to attempt to characterize its abnormal features. In the present work we establish that subsequences of reasonably small length of the sequence of system calls suffice to identify abnormality in a process. We make use of rough set theory to demonstrate this concept. Rough set theory also facilitates identifying rules for intrusion detection. The main contributions of the paper are the following: (a) it is established that a very small subsequence of system calls is sufficient to identify intrusive behavior with high accuracy, and we demonstrate our result using DARPA '98 BSM data; (b) a rough set based system is developed that can extract rules for intrusion detection; (c) an algorithm is presented that can determine the status of a process as either normal or abnormal on-line.

Keywords: Data mining, Decision Table, Rough Set, Intrusion Detection, Anomaly, Misuse.

1 Introduction

Intrusion detection systems (IDSs) have become a major area of research and product development.
They work on the premise that intrusions can be detected through examination of various parameters such as network traffic, CPU utilization, I/O utilization, user location, and various file activities. Based on the various approaches, different types of IDS are proposed in the literature. On the basis of audit data, there are two types of IDS. Network-based systems collect data directly from the network being monitored, in the form of packets [29], and host-based systems collect data from the host being protected [2]. Based on how the data is processed to detect attacks, IDS can also be classified into two types: misuse-based systems and anomaly-based systems. While the former keep the signatures of known attacks in a database and compare new instances with the stored signatures to find attacks, the latter learn the normal behavior of the monitored system and then look for any deviation from it as a sign of intrusion. It is clear that a misuse-based IDS cannot detect new attacks, and any new attack signature has to be added manually to the list of known patterns. An IDS based on anomaly detection, on the other hand, is capable of detecting new attacks, as any attack is assumed to be different from normal activity. However, an anomaly-based IDS sometimes raises false alarms because it cannot properly differentiate between deviations due to an authentic user's activity and those of an intruder.

Among various IDS approaches, signature analysis stores patterns of attacks as semantic descriptions [21]. The main drawback of the signature analysis technique, like all misuse-based approaches, is the need for frequent updates to keep up with the stream of new vulnerabilities and attacks discovered. Rule-based intrusion detection [34][20][13] assumes that intrusion attempts can be characterized by sequences of events that lead to a compromised system state. Such systems are characterized by their expert system properties that fire rules when audit records or system status information begin to indicate suspicious activity. The main limitations of this approach are the difficulty of extracting knowledge about attacks and the processing speed. The state transition analysis technique describes an attack with a set of goals and transitions, and represents them as state transition diagrams [18][19][32].

The most widely used approach to anomaly-based intrusion detection is statistical [16][27]. User or system behavior is measured by a number of variables sampled over time and stored in a profile. The current behavior of each user is maintained in a profile. At regular intervals the current profile is merged with the stored profile. Anomalous behavior is determined by comparing the current profile with the stored profile.

Forrest et al. [11][12] suggest that the system call trace of a process under normal execution can be taken as its normal behavior in terms of system calls, as the variation in sequences of system calls is very small. On the other hand, this variation is relatively higher when compared to a sequence of system calls under abnormal execution. This variation can be attributed to the presence of one or more alien (thus malicious) subsequences in the abnormal process. It should be noted that not all the subsequences of an abnormal process are malicious. Thus the intrusive part should be detectable as a subsequence of the whole abnormal sequence of the process.

In this paper we present a technique for discovering rules for intrusion detection. We make use of rough set theory for this purpose. To the best of our knowledge, Lin was the first to propose the idea of applying rough sets to the problem of anomaly detection [25]. Though the paper lacks experimental results [25], it provides some solid theoretical background. The following two theorems are important:

1. Every sequence of records in a computer has a repeating sequence.
2. If the audit trail is long enough, then there are repeating records.

Following the argument of Forrest et al. and in view of the above theorems, our approach is based on subsequences of system calls. We formulate the problem as a classification problem by writing the set of subsequences as a decision table. The proposed method is a combination of signature-based and anomaly-based approaches. Program behavior is monitored as a sequence of system calls. These sequences are further converted into subsequences of shorter length. These subsequences are considered as the signatures for malicious as well as normal activities. By doing so, one of the disadvantages of the signature-based approach, the need to update the signature database frequently, can be avoided. Empirical results show that the proposed system is able to detect new abnormal activities without updating the signatures. Further, these signatures are represented in the form of IF-THEN decision rules. The advantage of representing signatures in this form is that such signatures are easy to interpret for further analysis. Rough set theory is used to induce the decision rules. Rules induced using rough set theory are very compact because all the redundant features of the audit data are removed before the rules are induced. This makes the matching of rules faster, thus making the system suitable for on-line detection. The proposed system is also fast in the sense that a process is examined in parts as it starts making system calls, so we do not have to wait until it exits.

The major contributions of the paper are: it is established empirically that short sequences of system calls are sufficient to detect intrusive behavior with high accuracy; a rough set based approach is developed that can extract decision rules for intrusion detection; an algorithm is presented that can classify a process as normal or abnormal on-line.
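An added illustration of the approach outlined above (not the authors' algorithm, whose details are not on this page): system-call traces are cut into length-3 windows, written as a decision table, reduced to a minimal attribute subset, and turned into certain IF-THEN rules that are matched while the process is still running. The traces, call names, window length and function names are constructed assumptions; windows seen under both labels, and windows matching no rule, are not flagged.

```python
from collections import defaultdict, deque
from itertools import combinations

K = 3  # assumed window length; the page only says "reasonably small"

# Constructed traces (generic call names, not DARPA BSM records).
NORMAL = [["open", "read", "write", "close"],
          ["open", "read", "read", "write", "close"]]
ABNORMAL = [["open", "read", "write", "chmod", "execve", "close"]]


def windows(trace, k):
    """Length-k sliding-window subsequences of one system-call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def decision_table(normal, abnormal, k):
    """Rows (A1..Ak, decision); each window inherits its process label."""
    rows = set()
    for label, traces in (("normal", normal), ("abnormal", abnormal)):
        for trace in traces:
            rows.update((w, label) for w in windows(trace, k))
    return rows


def classes(table, attrs):
    """Indiscernibility classes on `attrs`, mapped to the decisions they hold."""
    out = defaultdict(set)
    for cond, decision in table:
        out[tuple(cond[a] for a in attrs)].add(decision)
    return out


def positive_region(table, attrs):
    """Rows whose class is consistent, i.e. lies in one lower approximation."""
    cls = classes(table, attrs)
    return {(c, d) for c, d in table
            if len(cls[tuple(c[a] for a in attrs)]) == 1}


def find_reduct(table, k):
    """Smallest attribute subset keeping the full positive region (brute force)."""
    full = positive_region(table, tuple(range(k)))
    for size in range(1, k + 1):
        for attrs in combinations(range(k), size):
            if positive_region(table, attrs) == full:
                return attrs
    return tuple(range(k))


def induce_rules(table, attrs):
    """Certain rules only: consistent classes. Boundary classes yield no rule."""
    return {key: next(iter(ds))
            for key, ds in classes(table, attrs).items() if len(ds) == 1}


def format_rule(key, attrs, decision):
    """Render one rule in IF-THEN form, numbering window positions from 1."""
    conds = " AND ".join(f"A{a + 1}={v}" for a, v in zip(attrs, key))
    return f"IF {conds} THEN {decision}"


def first_alert(stream, rules, attrs, k):
    """Index of the call completing the first window that matches an
    'abnormal' rule, or None. Unmatched windows are not flagged (assumption)."""
    recent = deque(maxlen=k)
    for i, call in enumerate(stream):
        recent.append(call)
        if len(recent) == k:
            if rules.get(tuple(recent[a] for a in attrs)) == "abnormal":
                return i
    return None


TABLE = decision_table(NORMAL, ABNORMAL, K)
REDUCT = find_reduct(TABLE, K)      # attribute positions kept after reduction
RULES = induce_rules(TABLE, REDUCT)

if __name__ == "__main__":
    for key, decision in sorted(RULES.items()):
        print(format_rule(key, REDUCT, decision))
    # A trace absent from the training data that contains the same episode.
    unseen = ["open", "read", "read", "write", "chmod", "execve", "close"]
    print("alert at call index:", first_alert(unseen, RULES, REDUCT, K))
```

On this data the middle position of the window turns out to be redundant, and the unseen trace is flagged at its fifth call, before the process has finished.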
The rest of the paper is organized as follows: Section 2 gives an overview of research work on process profiling using sliding window approaches and learning rules for intrusion detection. Section 3 presents some preliminary background needed to understand the approach. A detailed description of the proposed scheme is given in Section 4. Section 5 covers the experimental setup and analysis of the results. Section 6 concludes the paper.

2 Related Work

Recently, process monitoring for signs of intrusion has attracted the attention of many researchers, and active research is being done in this area. In the approach called time-delay embedding (tide), initiated by Forrest et al. [11][12], normal behavior of processes is captured because programs show stable behavior over time under normal execution. In this approach, short

attribute values. Knowledge representation is very simple and the learning rate is very fast compared to other techniques. Our study shows that it is possible to detect an attack by merely looking at some portion of the abnormal process. This reduces the dimension of the data to be processed and thus makes the subsequent computations much faster. The decision rules induced by rough set theory are easy to interpret and thus can be useful in further analyzing the events. We have tested our scheme by conducting experiments on DARPA '98 data. Empirical results, reported in the paper, justify our approach of making use of rough sets for intrusion detection. As future work, we intend to use the concept of incremental learning so that new rules can be learnt without retraining on the whole data. We are also analyzing the IF-THEN rules to better understand the relationship among system calls and to gain more insight into attacks. Our future work also includes combining the rough set method with other learning techniques, e.g. neural networks, to propose an IDS that is more robust in terms of accuracy.

Acknowledgement

The authors are thankful to the anonymous reviewers for their useful comments to improve the presentation and quality of the paper. The first author is associated with IDRBT as a research fellow and is thankful to IDRBT for providing financial assistance and infrastructure to carry out this work. The third author is thankful to MIT, India for its funding.

References

1. An A., Huang Y., Huang X., Cercone N.: Feature Selection with Rough Sets for Web Page Classification. In: Dubois D., Grzymala-Busse J. W., Inuiguchi M., Polkowski L. (eds.), Rough Sets and Fuzzy Sets, Springer-Verlag (2004)
2. Bace R., Mell P.: NIST special publication on intrusion detection system. SP800-31, NIST, Gaithersburg, MD (2001)
3. Bazan J.: A Comparison of Dynamic and non-dynamic Rough Set Methods for Extracting Laws from Decision Tables. In: Skowron A., Polkowski L. (eds.), Rough Sets in Knowledge Discovery 1, Physica-Verlag, Heidelberg (1998)
4. Bazan J., Nguyen H. S., Nguyen S. H., Synak P., Wróblewski J.: Rough set algorithms in classification problem. In: Polkowski L., Tsumoto S., Lin T. Y. (eds.), Rough Set Methods and Applications, Physica-Verlag, Heidelberg (2000)
5. Bazan J. G., Szczuka M. S., Wróblewski A.: A New Version of Rough Set Exploration System. In: Proceedings of the Third International Conference on Rough Sets and Current Trends in Computing RSCTC, Malvern, PA, Lecture Notes in Artificial Intelligence vol. 2475, Springer-Verlag (2002) Available at:
6. Cabrera J. B. D., Ravichandran B., Mehra R. K.: Detection and classification of intrusions and faults using sequences of system calls. In: ACM SIGMOD Record, Special Issue: Special Section on Data Mining for Intrusion Detection and Threat Analysis, Vol. 30(4) (2001) 25-34

7. Cai Z., Guan X., Shao P., Peng Q., Sun G.: A Rough Set Theory Based Method for Anomaly Intrusion Detection in Computer Network Systems. J Expert System 20(5) (2003)
8. Cios K., Pedrycz W., Swiniarski Roman W.: Data mining methods for Knowledge discovery. Kluwer Academic Publisher USA (2000)
9. DARPA 1998 Data Set, MIT Lincoln Laboratory, available at: index.html
10. Delic D., Lenz Hans-J, Neiling M.: Improving the Quality of Association Rule Mining by Means of Rough Sets. In: Proceedings of the First International Workshop on Soft Methods in Probability and Statistics (SMPS 02), Warsaw (Poland) (2002)
11. Forrest S., Hofmeyr S. A., Somayaji A.: Computer Immunology. Communications of the ACM, 40(10) (1997)
12. Forrest S., Hofmeyr S. A., Somayaji A., Longstaff T. A.: A Sense of Self for Unix Processes. In: Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy. Los Alamitos, CA. IEEE Computer Society Press (1996)
13. Garvey T., Lunt T. F.: Model-based Intrusion Detection. In: Proceedings of the 14th National Computer Security Conference (1991)
14. Grzymala-Busse J. W.: A New Version of the Rule Induction System LERS. Fundamenta Informaticae, 31(1) (1997)
15. Guan J. W., Bell D. A., Liu D. Y.: The Rough Set Approach to Association Rule Mining. In: Proceedings of the Third IEEE International Conference on Data Mining (ICDM 03) (2003)
16. Helman P., Liepins G.: Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse. IEEE Transactions on Software Engineering, 19(9) (1993)
17. Hofmeyr S. A., Forrest A., Somayaji A.: Intrusion Detection Using Sequences of System Calls. Journal of Computer Security, 6 (1998)
18. Ilgun K.: USTAT: A Real-Time Intrusion Detection System for UNIX. In: Proceedings of the 1993 IEEE Symposium on Research in Security and Privacy (1993)
19. Ilgun K., Kemmerer R. A., Porras P. A.: State Transition Analysis: A Rule-Based Intrusion Detection Approach. IEEE Transactions on Software Engineering 21(3) (1995)
20. Kemmerer R. A.: NSTAT: A Model-based Real-time Network Intrusion Detection System. Technical Report, Number TRCS97-18, Computer Science, University of California, Santa Barbara (1998)
21. Kumar S., Spafford E.: A Pattern-Matching Model for Intrusion Detection. In: Proceedings National Computer Security Conference (1994)
22. Lee W., Stolfo S., Chan P.: Learning Patterns from Unix Process Execution Traces for Intrusion Detection. In: Proceedings of the AAAI97 workshop on AI methods in Fraud and risk management. AAAI Press (1997)
23. Lee W., Stolfo Salvatore J.: Data Mining Approaches for Intrusion Detection. In: Proceedings of the 7th USENIX Security Symposium (SECURITY-98), Usenix Association, January (1998)
24. Lian-hua Z., Guan-hua Z., Lang YU., Jie Z., Ying-cai B.: Intrusion Detection Using Rough Set Classification. Journal of Zhejiang University SCIENCE Vol. 5(9) (2004)
25. Lin T. Y.: Anomaly Detection: A Soft Computing Approach. In: Proceedings of the 1994 Workshop on New Security Paradigms, Little Compton, Rhode Island, United States, IEEE Computer Society Press (1994) 44-53

26. Lingras P.: Rough Set Clustering for Web Mining. In: Proceedings of the IEEE International Conference on Fuzzy Systems 2002, Honolulu, Hawaii (2002)
27. Lunt T. F.: Using Statistics to Track Intruders. In: Proceedings of the Joint Statistical Meetings of the American Statistical Association (1990)
28. Lunt T. F., Tamaru A., Gilham F., Jagannathan R., Neumann P. G., Javitz H. S., Valdes A., Garvey T. D.: A Real-Time Intrusion Detection Expert System (IDES). Technical Report, SRI Computer Science Laboratory (1992)
29. Mukherjee B., Heberlein L. T., Levitt K. N.: Network Intrusion Detection. IEEE Network. 8(3) (1994)
30. Mukkamala R., Gagnon J., Jajodia S.: Integrating Data Mining Techniques with Intrusion Detection Methods. In: Research Advances in Database and Information System Security: IFIPTCII, 13th working conference on Database security, July, USA, Kluwer Academic Publishers (2000)
31. Pawlak Z.: Rough sets: Theoretical aspects of reasoning about data. Kluwer Academic Publishers, Dordrecht (1991)
32. Porras P. A.: STAT A State Transition Analysis Tool For Intrusion Detection. Technical Report, Number TRCS93-25, Computer Science. University of California, Santa Barbara (1993)
33. Rawat S., Gulati V. P., Pujari A. K.: Frequency And Ordering Based Similarity Measure For Host Based Intrusion Detection. J Information Management and Computer Security. 12(5), Emerald Press (2004)
34. Sebring M. M., Shellhouse E., Hanna M. E., Whitehurst R. A.: Expert System in Intrusion Detection: A Case Study. In: Proceedings of the 11th National Computer Security Conference (1988)
35. Stefanowski J.: On Rough Set Based Approaches to Induction of Decision Rules. In: Polkowski L., Skowron A. (eds.), Rough Sets in Data Mining and Knowledge Discovery, vol 1. Physica Verlag, Heidelberg (1998)
36. Tandon G., Chan P.: Learning Rules from System Calls Arguments and Sequences for Anomaly Detection. In: ICDM Workshop on Data Mining for Computer Security (DMSEC), Melbourne, FL (2003)
37. Warrender C., Forrest S., Pearlmutter B.: Detecting Intrusions Using System Calls: Alternative Data Models. In: IEEE Symposium on Security and Privacy (1999)
38. Wespi A., Dacier M., Debar H.: Intrusion Detection Using Variable-Length Audit Trail Patterns. In: LNCS # 1907, RAID Toulouse, France (2000)
39. Zhu D., Premkumar G., Zhang X., Chu Chao-Hsien: Data mining for Network Intrusion Detection: A comparison of alternative methods. J. Decision Sciences 32(4) (2001)


More information

Data collection mechanisms for intrusion detection systems

Data collection mechanisms for intrusion detection systems Data collection mechanisms for intrusion detection systems Eugene Spafford Diego Zamboni Center for Education and Research in Information Assurance and Security 1315 Recitation Building Purdue University

More information

Host-based Intrusion Detection System using Sequence of System Calls

Host-based Intrusion Detection System using Sequence of System Calls Volume-4, Issue-2, April-2014, ISSN No.: 2250-0758 International Journal of Engineering and Management Research Available at: www.ijemr.net Page : 241-247 Host-based Intrusion Detection System using Sequence

More information

Towards a Practical Approach to Discover Internal Dependencies in Rule-Based Knowledge Bases

Towards a Practical Approach to Discover Internal Dependencies in Rule-Based Knowledge Bases Towards a Practical Approach to Discover Internal Dependencies in Rule-Based Knowledge Bases Roman Simiński, Agnieszka Nowak-Brzezińska, Tomasz Jach, and Tomasz Xiȩski University of Silesia, Institute

More information

Intrusion Detection via Machine Learning for SCADA System Protection

Intrusion Detection via Machine Learning for SCADA System Protection Intrusion Detection via Machine Learning for SCADA System Protection S.L.P. Yasakethu Department of Computing, University of Surrey, Guildford, GU2 7XH, UK. s.l.yasakethu@surrey.ac.uk J. Jiang Department

More information

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

Protecting Against Cyber Threats in Networked Information Systems

Protecting Against Cyber Threats in Networked Information Systems Protecting Against Cyber Threats in Networked Information Systems L. Ertoz a,b, A. Lazarevic a,b, E. Eilertson a,b, Pang-Ning Tan a,b, Paul Dokas a,, V. Kumar a,b, Jaideep Srivastava a,b a Dept. of Computer

More information

Chalmers Publication Library

Chalmers Publication Library Chalmers Publication Library Survey of Intrusion Detection Research This document has been downloaded from Chalmers Publication Library (CPL). It is the author s version of a work that was accepted for

More information

Intrusion Detection for Grid and Cloud Computing

Intrusion Detection for Grid and Cloud Computing Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal University of Santa Catarina, Brazil Content Type

More information

STANDARDISATION AND CLASSIFICATION OF ALERTS GENERATED BY INTRUSION DETECTION SYSTEMS

STANDARDISATION AND CLASSIFICATION OF ALERTS GENERATED BY INTRUSION DETECTION SYSTEMS STANDARDISATION AND CLASSIFICATION OF ALERTS GENERATED BY INTRUSION DETECTION SYSTEMS Athira A B 1 and Vinod Pathari 2 1 Department of Computer Engineering,National Institute Of Technology Calicut, India

More information

Intrusion Detection Systems. Overview. Evolution of IDSs. Oussama El-Rawas. History and Concepts of IDSs

Intrusion Detection Systems. Overview. Evolution of IDSs. Oussama El-Rawas. History and Concepts of IDSs Intrusion Detection Systems Oussama El-Rawas History and Concepts of IDSs Overview A brief description about the history of Intrusion Detection Systems An introduction to Intrusion Detection Systems including:

More information

Intrusion Detection through Dynamic Software Measurement

Intrusion Detection through Dynamic Software Measurement Intrusion Detection through Dynamic Software Measurement Sebastian Elbaum John C Munson Computer Science Department University of Idaho Moscow, ID 83844-1010 {elbaum, jmunson}@csuidahoedu Abstract The

More information

A Survey on Intrusion Detection System with Data Mining Techniques

A Survey on Intrusion Detection System with Data Mining Techniques A Survey on Intrusion Detection System with Data Mining Techniques Ms. Ruth D 1, Mrs. Lovelin Ponn Felciah M 2 1 M.Phil Scholar, Department of Computer Science, Bishop Heber College (Autonomous), Trichirappalli,

More information

Using System Call Information to Reveal Hidden Attack Manifestations

Using System Call Information to Reveal Hidden Attack Manifestations Using System Call Information to Reveal Hidden Attack Manifestations Ulf E. Larson Dennis K. Nilsson Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology, Göteborg,

More information

Intrusion Detection Techniques

Intrusion Detection Techniques Intrusion Detection Techniques Peng Ning, North Carolina State University Sushil Jajodia, George Mason University Introduction Anomaly Detection Statistical Models Machine Learning and Data Mining Techniques

More information

A DETECTOR GENERATING ALGORITHM FOR INTRUSION DETECTION INSPIRED BY ARTIFICIAL IMMUNE SYSTEM

A DETECTOR GENERATING ALGORITHM FOR INTRUSION DETECTION INSPIRED BY ARTIFICIAL IMMUNE SYSTEM A DETECTOR GENERATING ALGORITHM FOR INTRUSION DETECTION INSPIRED BY ARTIFICIAL IMMUNE SYSTEM Walid Mohamed Alsharafi and Mohd Nizam Omar Inter Networks Research Laboratory, School of Computing, College

More information

SURVEY OF INTRUSION DETECTION SYSTEM

SURVEY OF INTRUSION DETECTION SYSTEM SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT

More information

Terran Lane and Carla E. Brodley

Terran Lane and Carla E. Brodley From: AAAI Technical Report WS-98-07. Compilation copyright 1998, AAAI (www.aaai.org). All rights reserved. Approaches to Online Learning and Concept Drift for User Identification in Computer Security

More information

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society

More information

Some Research Challenges for Big Data Analytics of Intelligent Security

Some Research Challenges for Big Data Analytics of Intelligent Security Some Research Challenges for Big Data Analytics of Intelligent Security Yuh-Jong Hu hu at cs.nccu.edu.tw Emerging Network Technology (ENT) Lab. Department of Computer Science National Chengchi University,

More information

System for Denial-of-Service Attack Detection Based On Triangle Area Generation

System for Denial-of-Service Attack Detection Based On Triangle Area Generation System for Denial-of-Service Attack Detection Based On Triangle Area Generation 1, Heena Salim Shaikh, 2 N Pratik Pramod Shinde, 3 Prathamesh Ravindra Patil, 4 Parag Ramesh Kadam 1, 2, 3, 4 Student 1,

More information

Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks

Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks Lohith Raj S N, Shanthi M B, Jitendranath Mungara Abstract Protecting data from the intruders

More information

False Positives Reduction Techniques in Intrusion Detection Systems-A Review

False Positives Reduction Techniques in Intrusion Detection Systems-A Review 128 False Positives Reduction Techniques in Intrusion Detection Systems-A Review Asieh Mokarian, Ahmad Faraahi, Arash Ghorbannia Delavar, Payame Noor University, Tehran, IRAN Summary During the last decade

More information

How To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme

How To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Thivya. T 1, Karthika.M 2 Student, Department of computer science and engineering, Dhanalakshmi

More information

Two State Intrusion Detection System Against DDos Attack in Wireless Network

Two State Intrusion Detection System Against DDos Attack in Wireless Network Two State Intrusion Detection System Against DDos Attack in Wireless Network 1 Pintu Vasani, 2 Parikh Dhaval 1 M.E Student, 2 Head of Department (LDCE-CSE) L.D. College of Engineering, Ahmedabad, India.

More information

Honey Bee Intelligent Model for Network Zero Day Attack Detection

Honey Bee Intelligent Model for Network Zero Day Attack Detection Honey Bee Intelligent Model for Network Zero Day Attack Detection 1 AMAN JANTAN, 2 ABDULGHANI ALI AHMED School of Computer Sciences, Universiti Sains Malaysia (USM), Penang, Malaysia 1 aman@cs.usm.my,

More information

Network Security Using Job Oriented Architecture (SUJOA)

Network Security Using Job Oriented Architecture (SUJOA) www.ijcsi.org 222 Network Security Using Job Oriented Architecture (SUJOA) Tariq Ahamad 1, Abdullah Aljumah 2 College Of Computer Engineering & Sciences Salman Bin Abdulaziz University, KSA ABSTRACT In

More information

Credit Card Fraud Detection Using Self Organised Map

Credit Card Fraud Detection Using Self Organised Map International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 13 (2014), pp. 1343-1348 International Research Publications House http://www. irphouse.com Credit Card Fraud

More information

IDS IN TELECOMMUNICATION NETWORK USING PCA

IDS IN TELECOMMUNICATION NETWORK USING PCA IDS IN TELECOMMUNICATION NETWORK USING PCA Mohamed Faisal Elrawy 1, T. K. Abdelhamid 2 and A. M. Mohamed 3 1 Faculty of engineering, MUST University, 6th Of October, Egypt eng_faisal1989@yahoo.com 2,3

More information

Intrusion Detection System using Log Files and Reinforcement Learning

Intrusion Detection System using Log Files and Reinforcement Learning Intrusion Detection System using Log Files and Reinforcement Learning Bhagyashree Deokar, Ambarish Hazarnis Department of Computer Engineering K. J. Somaiya College of Engineering, Mumbai, India ABSTRACT

More information

An Improved Hidden Markov Model for Anomaly Detection Using Frequent Common Patterns

An Improved Hidden Markov Model for Anomaly Detection Using Frequent Common Patterns An Improved Hidden Markov Model for Anomaly Detection Using Frequent Common Patterns Afroza Sultana and Abdelwahab Hamou-Lhadj Software Behavioural Analysis Research Lab Department of Electrical and Computer

More information

PROBE: A Process Behavior-Based Host Intrusion Prevention System

PROBE: A Process Behavior-Based Host Intrusion Prevention System PROBE: A Process Behavior-Based Host Intrusion Prevention System Minjin Kwon, Kyoochang Jeong, and Heejo Lee Department of Computer Science and Engineering, Korea University, Seoul 136-713, Korea {mjkwon,kyoochang,heejo}@korea.ac.kr

More information

The Human Immune System and Network Intrusion Detection

The Human Immune System and Network Intrusion Detection The Human Immune System and Network Intrusion Detection Jungwon Kim and Peter Bentley Department of Computer Science, University Collge London Gower Street, London, WC1E 6BT, U. K. Phone: +44-171-380-7329,

More information

A Survey on Intrusion Detection using Data Mining Technique

A Survey on Intrusion Detection using Data Mining Technique A Survey on Intrusion Detection using Data Mining Technique D. Shona, A.Shobana Assistant Professor, Dept. of Computer Science, Sri Krishna Arts & Science College, Coimbatore, India 1 M.Phil. Scholar,

More information

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection

More information

Detecting Novel Network Intrusions Using Bayes Estimators

Detecting Novel Network Intrusions Using Bayes Estimators Detecting Novel Network Intrusions Using Bayes Estimators Daniel Barbará, Ningning Wu, and Sushil Jajodia 1 Introduction From the first appearance of network attacks, the internet worm, to the most recent

More information

Performance Evaluation of Intrusion Detection Systems using ANN

Performance Evaluation of Intrusion Detection Systems using ANN Performance Evaluation of Intrusion Detection Systems using ANN Khaled Ahmed Abood Omer 1, Fadwa Abdulbari Awn 2 1 Computer Science and Engineering Department, Faculty of Engineering, University of Aden,

More information

Classification of IDS Alerts with Data Mining Techniques

Classification of IDS Alerts with Data Mining Techniques International Journal of Electronic Commerce Studies Vol.5, No.1, pp.1-6, 2014 Classification of IDS Alerts with Data Mining Techniques Hany Nashat Gabra Computer and Systems Engineering Department, Ain

More information

How To Prevent Network Attacks

How To Prevent Network Attacks Ali A. Ghorbani Wei Lu Mahbod Tavallaee Network Intrusion Detection and Prevention Concepts and Techniques )Spri inger Contents 1 Network Attacks 1 1.1 Attack Taxonomies 2 1.2 Probes 4 1.2.1 IPSweep and

More information

Design and Develop an Intrusion Detection System Using Component Based Software Design

Design and Develop an Intrusion Detection System Using Component Based Software Design Design and Develop an Intrusion Detection System Using Component Based Software Design Er. Mohit Angurala, Er. Malti Rani 1,2 (Computer Science Deptt, Punjab Institute of Technology (PTU Main Campus Kapurthala/

More information

A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS

A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS Journal homepage: www.mjret.in ISSN:2348-6953 A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS P.V.Sawant 1, M.P.Sable 2, P.V.Kore 3, S.R.Bhosale 4 Department

More information

DNIDS: A Dependable Network Intrusion Detection System Using the CSI-KNN Algorithm

DNIDS: A Dependable Network Intrusion Detection System Using the CSI-KNN Algorithm DNIDS: A Dependable Network Intrusion Detection System Using the CSI-KNN Algorithm by Liwei (Vivian) Kuang A thesis submitted to the School of Computing in conformity with the requirements for the degree

More information

A survey on Data Mining based Intrusion Detection Systems

A survey on Data Mining based Intrusion Detection Systems International Journal of Computer Networks and Communications Security VOL. 2, NO. 12, DECEMBER 2014, 485 490 Available online at: www.ijcncs.org ISSN 2308-9830 A survey on Data Mining based Intrusion

More information

Intrusion Detection Systems vs. Intrusion Prevention Systems. Sohkyoung (Michelle) Cho ACC 626

Intrusion Detection Systems vs. Intrusion Prevention Systems. Sohkyoung (Michelle) Cho ACC 626 Intrusion Detection Systems vs. Intrusion Prevention Systems Sohkyoung (Michelle) Cho ACC 626 1.0 INTRODUCTION An increasing number of organizations use information systems to conduct their core business

More information

Data Mining for Network Intrusion Detection

Data Mining for Network Intrusion Detection Data Mining for Network Intrusion Detection S Terry Brugger UC Davis Department of Computer Science Data Mining for Network Intrusion Detection p.1/55 Overview This is important for defense in depth Much

More information

Computer Science Masters Project DIG. Detecting Intrusions Graphically. Christopher Cramer. Approved by: Project Advisor : Date:

Computer Science Masters Project DIG. Detecting Intrusions Graphically. Christopher Cramer. Approved by: Project Advisor : Date: Computer Science Masters Project DIG Detecting Intrusions Graphically By Christopher Cramer Approved by: Project Advisor : Date: Sponsoring Faculty : Date: Intrusion Detection Network security has become

More information

bcjewell21@tntech.edu beaverjm@ornl.gov

bcjewell21@tntech.edu beaverjm@ornl.gov Host-Based Data Exfiltration Detection via System Call Sequences Brian Jewell 1, Justin Beaver 2 1 Tennessee Technological University, Cookeville, TN, U.S. 2 Oak Ridge National Laboratory, Oak Ridge, TN,

More information

ANALYSIS OF PAYLOAD BASED APPLICATION LEVEL NETWORK ANOMALY DETECTION

ANALYSIS OF PAYLOAD BASED APPLICATION LEVEL NETWORK ANOMALY DETECTION ANALYSIS OF PAYLOAD BASED APPLICATION LEVEL NETWORK ANOMALY DETECTION Like Zhang, Gregory B. White Department of Computer Science, University of Texas at San Antonio lzhang@cs.utsa.edu, Greg.White@utsa.edu

More information

Web Application Security

Web Application Security Web Application Security Richard A. Kemmerer Reliable Software Group Computer Science Department University of California Santa Barbara, CA 93106, USA http://www.cs.ucsb.edu/~rsg www.cs.ucsb.edu/~rsg/

More information

Network Based Intrusion Detection Using Honey pot Deception

Network Based Intrusion Detection Using Honey pot Deception Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.

More information

USING GENETIC ALGORITHM IN NETWORK SECURITY

USING GENETIC ALGORITHM IN NETWORK SECURITY USING GENETIC ALGORITHM IN NETWORK SECURITY Ehab Talal Abdel-Ra'of Bader 1 & Hebah H. O. Nasereddin 2 1 Amman Arab University. 2 Middle East University, P.O. Box: 144378, Code 11814, Amman-Jordan Email:

More information

Aggregating Distributed Sensor Data for Network Intrusion Detection

Aggregating Distributed Sensor Data for Network Intrusion Detection Aggregating Distributed Sensor Data for Network Intrusion Detection JOHN C. McEACHEN, CHENG KAH WAI, and VONDA L. OLSAVSKY Department of Electrical and Computer Engineering Naval Postgraduate School Monterey,

More information