Using Text Categorization Techniques for Intrusion Detection

Authors: Yihua Liao, V. Rao Vemuri

Abstract: A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify program behavior as normal or intrusive. Short sequences of system calls have been used by others to characterize a program's normal behavior before. However, separate databases of short system call sequences have to be built for different programs, and learning program profiles involves time-consuming training and testing processes. With the kNN classifier, the frequencies of system calls are used to describe the program behavior. Text categorization techniques are adopted to convert each process to a vector and calculate the similarity between two program activities. Since there is no need to learn individual program profiles separately, the calculation involved is largely reduced. Preliminary experiments with 1998 DARPA BSM audit data show that the kNN classifier can effectively detect intrusive attacks and achieve a low false positive rate.
