Applying mining fuzzy association rules to intrusion detection based on sequences of system calls

Author: Guiling Zhang

DOI: 10.1007/11534310_87

Keywords: Intrusion detection system; Anomaly detection; Association rule learning; Fuzzy logic; Computer science; Information extraction; Anomaly-based intrusion detection system; Data mining

Abstract: Intrusion detection is an important technique for computer and information systems. S. Forrest and coworkers show that short sequences of system calls are good signature descriptions anomalous intrusion [10]. This paper extends their work by applying mining fuzzy association rules to detection. After giving a primary classification based on threat level its identifier numbers, we generate series sendmail trace data and transform them into expression. Then extract the Most Dangerous Sequences Database (MDSD) from the expression data, according to a specific threshold. For the MDSD database, apply detect each sequence “normal” or “abnormal”. The prototype experimental results demonstrate the proposed method gives enough ability

References (17)
Ramakrishnan Srikant, Rakesh Agrawal, Fast algorithms for mining association rules. Very Large Data Bases, pp. 580-592 (1998)
Ramakrishnan Srikant, Rakesh Agrawal, Fast Algorithms for Mining Association Rules in Large Databases. Very Large Data Bases, pp. 487-499 (1994)
Wenke Lee, Salvatore J. Stolfo, Data mining approaches for intrusion detection. USENIX Security Symposium, pp. 6-6 (1998), 10.21236/ADA401496
J.E. Dickerson, J. Juslin, O. Koukousoula, J.A. Dickerson, Fuzzy intrusion detection. Joint IFSA World Congress and NAFIPS International Conference, vol. 3, pp. 1506-1510 (2001), 10.1109/NAFIPS.2001.943772
Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaji, Intrusion detection using sequences of system calls. Journal of Computer Security, vol. 6, pp. 151-180 (1998), 10.3233/JCS-980109
Ramakrishnan Srikant, Rakesh Agrawal, Mining quantitative association rules in large relational tables. International Conference on Management of Data, vol. 25, pp. 1-12 (1996), 10.1145/233269.233311
João B. D. Cabrera, Lundy Lewis, Raman K. Mehra, Detection and classification of intrusions and faults using sequences of system calls. International Conference on Management of Data, vol. 30, pp. 25-34 (2001), 10.1145/604264.604269
Theuns Verwoerd, Ray Hunt, Intrusion detection techniques and approaches. Computer Communications, vol. 25, pp. 1356-1365 (2002), 10.1016/S0140-3664(02)00037-3
Chan Man Kuok, Ada Fu, Man Hon Wong, Mining fuzzy association rules in databases. International Conference on Management of Data, vol. 27, pp. 41-46 (1998), 10.1145/273244.273257