Fast intrusion detection based on a non-negative matrix factorization model

Journal of Network and Computer Applications

Volumn 32, Issue 1, 2009, Pages 31-44

  Guan, Xiaohong ^a,b   Wang, Wei ^a   Zhang, Xiangliang ^a  

^a XI'AN JIAOTONG UNIVERSITY   (China)

^b TSINGHUA NATIONAL LABORATORY FOR INFORMATION SCIENCE AND TECHNOLOGY   (China)

Author keywords

Anomaly detection; Computer security; Intrusion detection system; Non negative matrix factorization

Indexed keywords

BLIND SOURCE SEPARATION; COLUMNS (STRUCTURAL); COMPUTER CRIME; COMPUTER SYSTEMS; FACE RECOGNITION; FACTORIZATION; FEATURE EXTRACTION; LIGHT MEASUREMENT; SECURITY OF DATA; VECTORS;

ANOMALY DETECTION; ANOMALY DETECTIONS; ANOMALY INTRUSION DETECTIONS; COMPUTATION EFFICIENCIES; COMPUTER SECURITY; DATA BLOCKS; DATA VECTORS; DETECTION ACCURACIES; DIMENSIONAL DATUMS; FIXED LENGTHS; INTRUSION DETECTION SYSTEM; LOW DIMENSIONS; MATRIX REPRESENTATIONS; NON-NEGATIVE MATRIX FACTORIZATION; NON-NEGATIVE MATRIX FACTORIZATIONS; NOVEL METHODS; SYSTEM CALLS; USER BEHAVIORS;

INTRUSION DETECTION;

EID: 55949124178     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2008.04.006     Document Type: Article

References (31)

1. Anderson D, Frivold T, Valdes A. Next-generation intrusion detection expert system (NIDES): a summary. Technical report SRI-CSL-95-07, Menlo Park, CA: Computer Science Laboratory, SRI International; May 1995.
2. Cai Z., Guan X., Shao P., et al. A rough set theory based method for anomaly intrusion detection in computer networks. Expert Syst 18 5 (2003) 251-259
3. CERT Advisory CA-2001-07 File globbing vulnerabilities in various FTP servers [Online]. Available: 〈http://www.cert.org/advisories/CA-2001-07.html〉.
4. Cho S.B., and Park H.J. Efficient anomaly detection by modeling privilege flows using hidden markov model. Comput Secur 22 1 (2003) 45-55
5. Denning D.E. An intrusion-detection model. IEEE Trans Software Eng 13 2 (1987) 222-232
6. Duda R.O., Hart P.E., and Stork D.G. Pattern classification. 2nd ed. (2004), China Machine Press, Beijing
7. Feng L., Guan X., Guo S., et al. Predicting the intrusion intentions by observing system call sequences. Comput Secur 23 5 (2004) 241-252
8. Forrest S, Hofmeyr SA, Somayaji A, et al. A sense of self for Unix processes. In: Proceedings of the 1996 IEEE symposium on research in security and privacy, Los Alamos, CA, 1996, p.120-8.
9. Golub G.H., and Van Loan C.F. Matrix computation (1996), Johns Hopkins University Press, Baltimore
10. Hu W, Liao Y, Vemuri VR. Robust support vector machines for anomaly detection in computer security. In: Proceedings of the 2003 international conference on machine learning and applications (ICMLA'03), Los Angeles, California, June 2003.
11. Kruegel C, Kirda E, Mutz D, Robertson W, Vigna G. Polymorphic worm detection using structural information of executables. In: Eighth symposium on recent advances in intrusion detection (RAID), 2005.
12. Lane T, Brodley CE. Temporal sequence learning and data reduction for anomaly detection. In: Proceedings of the fifth ACM conference on computer & communication security, 1998.
13. Lee D.D., and Seung H.S. Learning the parts of objects with nonnegative matrix factorization. Nature 401 (1999) 788-791
14. Lee D.D., and Seung H.S. Algorithms for nonnegative matrix factorization. Advances in neural information processing systems 13 (2000), MIT Press, Cambridge, MA
15. Lee W, Stolfo S. Data mining approaches for intrusion detection. In: Proceedings of the seventh USENIX security symposium, Usenix Association, January 1998, p. 79-94.
16. Liao Y., and Vemuri V.R. Use of k-nearest neighbor classifier for intrusion detection. Comput Secur 21 5 (2002) 439-448
17. Lunt T, Tamaru A, Gilham F, et al. A real-time intrusion detection expert system (IDES)-final technical report. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California, February, 1992.
18. Moore D, Shannon C. Code-red: a case study on the spread and victims of an internet worm. In: Proceedings of the 2002 ACM SICGOMM internet measurement workshop, Marseille, France, November 2002, p. 273-84.
19. Moore D, et al. The Spread of the Sapphire/Slammer Worm [Online]. Available: 〈http://www.caida.org/analysis/security/sapphire〉, February 2007.
20. Schonlau M., and Theus M. Detecting masquerades in intrusion detection based on unpopular commands. Inf Process Lett 76 (2000) 33-38
21. Schonlau M., Dumouchel W., Ju W.H., et al. Computer intrusion: detecting masquerades. Stat Sci 16 1 (2001) 58-74
22. Smaha SE. Haystack: an intrusion detection system. In: Proceedings of the IEEE fourth aerospace computer security applications conference, 1988.
23. Wang W, Guan X, Zhang X. Modeling program behaviors by hidden markov models for intrusion detection. In: Proceedings of the third international conference on machine learning and cybernetics (ICMLC 2004), 2004, p. 2830-5.
24. Wang W, Guan X, Zhang X. A novel intrusion detection method based on principal component analysis in computer security. Advances in neural networks-ISNN 2004. In: International IEEE symposium on neural networks, Dalian, China. Lecture notes in computer science (LNCS), no. 3174. 2004, p. 657-62.
25. Wang W, Guan X, Zhang X. Profiling program and user behaviors for anomaly intrusion detection based on non-negative matrix factorization. In: Proceedings of 43rd IEEE conference on decision and control (CDC'04), Atlantis, Paradise Island, Bahamas, December 2004, p. 99-104.
26. Wang W., Guan X., Zhang X., and Yang L. Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data. Comput Secur Elsevier 25 7 (2006) 539-550
27. Wang W., Guan X., and Zhang X. Processing of massive audit data streams for real-time anomaly intrusion detection. Comput Commun Elsevier 31 1 (2008) 58-72
28. Warrender C, Forrest S, Pearlmutter B. Detecting intrusions using system calls: alternative data models. In: Proceedings of the 1999 IEEE symposium on security and privacy, 1999, p. 133-45.
29. Wespi A, Dacier M, Debar H. Intrusion detection using variable-length audit trail patterns. In: Proceedings of the third international workshop on the recent advances in intrusion detection (RAID'2000), no. 1907, Lecture notes on computer scinece, October 2000.
30. Yeung D.Y., and Ding Y. Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognition 36 1 (2003) 229-243
31. Zou CC, Gong W, Towsley D. Code red worm propagation modeling and analysis. In: Proceedings ninth ACM conference on computer and communication security, November 2002.