A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference

Journal of Network and Computer Applications

Volumn 32, Issue 6, 2009, Pages 1219-1228

  Hoang, Xuan Dau ^a   Hu, Jiankun ^b   Bertok, Peter ^b  

^a PTIT   (Viet Nam)

^b RMIT UNIVERSITY   (Australia)

Author keywords

Anomaly intrusion detection; Fuzzy logic; Hidden Markov model; Multiple detection engines; Program intrusion detection

Indexed keywords

ANOMALY INTRUSION DETECTION; DETECTION SCHEME; FALSE POSITIVE; HIGH COSTS; HMM TRAINING; INCREMENTAL TRAINING; INFERENCE MECHANISM; MEMORY REQUIREMENTS; MULTIPLE DETECTION; MULTIPLE DETECTION ENGINES; PROGRAM INTRUSION DETECTION; PROGRAM SYSTEMS; TRAINING TIME;

ENGINES; FUZZY INFERENCE; FUZZY SETS; HIDDEN MARKOV MODELS; OBJECT RECOGNITION;

INTRUSION DETECTION;

EID: 68949196337     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2009.05.004     Document Type: Article

References (39)

1. Abadeh M.S., Habibi J., and Lucas C. Intrusion detection using a fuzzy genetics-based learning algorithm. Journal of Network and Computer Application 30 (2007) 414-428
2. Analoui M, Bidgoli MB, Rezvani, HM. Hierarchical classifier combination and its application in networks intrusion detection. In: 7th IEEE international conference on data mining workshops, 28-31 October 2007. p. 533-8.
3. Anderson D, Frivold T, Tamaru A, Valdes A. Next generation intrusion detection expert system (NIDES), Software user's manual, beta-update release. Computer Science Laboratory, SRI International, Menlo Park, CA, USA, Technical Report SRI-CSL-95-0, May 1994.
4. Anderson D, Lunt TF, Javitz H, Tamaru A., Valdes A. Detecting unusual program behaviour using the statistical component of the next-generation intrusion detection expert system (NIDES). Computer Science Laboratory, SRI International, Menlo Park, CA, USA, SRI-CSL-95-06, May 1995.
5. Bose S, Bharathimurugan S, Kannan A. Multi-layer integrated anomaly intrusion detection system for mobile ad hoc networks. In: IEEE ICSCN 2007, MIT Campus, India, February 22-24, 2007. p. 360-5.
6. Cho S. Incorporating soft computing techniques into a probabilistic intrusion detection system. IEEE Transactions on Systems, Man, and Cybernetics 32 2 (2002)
7. Davis RIA, Lovell BC. Improved estimation of hidden Markov model parameters from multiple observation sequences. In: International Conference on Pattern Recognition, Quebec City, Canada, August 2002. p. 168-71.
8. Denning D.E. An intrusion-detection model. IEEE Transactions in Software Engineering 13 (1987) 222-232
9. Dickerson J, Juslin J, Koukousoula O. Fuzzy intrusion detection. In: Proceedings of the North American Fuzzy Information Processing society, Vancouver, Canada, July 25, 2001. p. 1506-10.
10. Dong SK, Nguyen HN, Park JS. Genetic algorithm to improve SVM based network intrusion detection system. Advanced information AINA 2005. In: 19th international conference on networking and applications 2005, vol. 2. p. 155-8.
11. Evers J. FBI: computer crime costs US firms $67bn. 〈http://news.zdnet.co.uk/security/0,1000000189,39248195,00.htm〉. Retrieved on 15 April, 2008.
12. Feng C, Peng J, Qiao H, Rozenblit JW. Alert fusion for a computer host based intrusion detection system. In: The 4th annual IEEE international conference and workshops on the, engineering of computer-based systems, 26-29 March 2007. p. 433-40.
13. Florez G, Bridges S, Vaughn R. An improved algorithm for fuzzy data mining for intrusion detection. In: Annual meeting of the North American on fuzzy information processing society, June 27-29, 2002. p. 457-62.
14. Forrest S, Hofmeyr S, Somayaji A, Longstaff T. A sense of self for Unix processes. In: Proceedings of the IEEE symposium on computer security and privacy, 1996.
15. Giacinto G, Roli F. Intrusion detection in computer networks by multiple classifier systems. In: Proceedings of the 16th international conference on pattern recognition, vol. 2, August 11-15, 2002. p. 390-3.
16. Gòmez J, Dasgupta D. Evolving fuzzy classifiers for intrusion detection. In: The 3rd annual IEEE workshop on information assurance, New Orleans, Louisiana, USA, June 17-19, 2002.
17. Gòmez J, Gonzàlez F, Dasgupta D. An immuno-fuzzy approach to anomaly detection. In: IEEE international conference on fuzzy systems, vol. 2, May 25-28, 2003. p. 1219-24.
18. Gotoh Y, Hochberg MM, Silverman HF. Efficient training algorithms for HMMs using incremental estimation. In: IEEE transactions on speech and audio processing, vol. 6 (6), 1998. p. 539-48.
19. Hautamaki V, Karkkainen I, Franti P. Outlier detection using k-nearest neighbour graph. In: Proceedings of the 17th international conference on pattern recognition, Los Alamitos, CA, USA, 2004. p. 430-3.
20. Hoang X, Hu J, Bertok P. A multi-layer model for anomaly intrusion detection using program sequences of system calls. In: Proceedings of IEEE international conference on network, Sydney, Australia, September 2003a. p. 531-6.
21. Hoang X, Hu J, Bertok P. Intrusion detection based on data mining. In: The 15th international conference on enterprise information systems, Angers, France, vol. 3, 2003b. p. 341-6.
22. Hoang X, Hu J. An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls. In: Proceedings of the IEEE international conference on network, November 2004, vol. 2. p. 470-4.
23. Hu J., Yu X., Qiu D., and Chen H.H. A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection. IEEE Network 23 1 (2009)
24. Hwang K., Cai M., Chen Y., and Qin M. Hybrid intrusion detection with weighted signature generation over anomalous Internet episodes. IEEE Transactions on Dependable and Secure Computing 4 1 (2007) 41-55
25. Lee W, Stolfo SJ, Mok KW. A data mining framework for building intrusion detection models. In: Proceedings of the IEEE symposium on security and privacy, Oakland, CA, 1999. p. 120-32.
26. Lee W, Nimbalkar RA, Yee KK, Patil SB, Desai PH, Tran TT, Stolfo SJ. A data mining and CIDF based approach for detecting novel and distributed intrusions. In: Proceedings of the third international workshop on Recent Advances in Intrusion Detection (RAID 2000), Toulouse, France, 2000. p. 49-65.
27. Lunt TF, Tamaru A, Gilham F, Jagannathm R, Jalali C, Neumann PG, Javitz HS, Valdes A, Garvey TD. A real-time intrusion detection expert system (IDES). Computer Science Laboratory, SRI International, Menlo Park, CA, USA, Final Technical Report, February 1992.
28. Luo J, Bridges S, Vaughn R. Fuzzy frequent episodes for real-time intrusion detection. In: IEEE international conference on fuzzy systems, Melbourne, Australia, December 2-5, 2001.
29. Oliver J.J., and Hand D. Averaging over decision trees. Journal of Classification 13 (1996) 281-297
30. Patcha A., and Park J.M. An overview of anomaly detection techniques: existing solutions and latest technological trends. Computer Networks 51 (2007) 3448-3470
31. Rabiner L. A tutorial on hidden Markov model and selected applications in speech recognition. Proceedings of the IEEE 77 2 (1989)
32. Tokhtabayev AG, Skormin VA. Non-stationary Markov models and anomaly propagation analysis in IDS. In: The 3rd international symposium on information assurance and security, 2007. p. 203-8.
33. Tsang CH, Kwong S, Wang H. Anomaly intrusion detection using multi-objective genetic fuzzy system and agent-based evolution computation framework. In: Proceedings of the 5th IEEE International Conference on Data Mining (ICDM'05), 2005.
34. University of New Mexico's Computer Immune Systems Project: 〈http://www.cs.unm.edu/~immsec/systemcalls.htm〉, Retrieved on 2005.
35. Varghese SM, Jacob KP. Process profiling using frequencies of system calls. In: The 2nd international conference on availability, reliability and security, 2007. p. 473-9.
36. Vokorokos L, Chovanec M, Latka O, Kleinova A. Security of distributed intrusion detection system based on multisensor fusion. SAMI 2008. In: 6th international symposium on applied machine intelligence and informatics, 2008. p. 19-24.
37. Warrender C, Forrest S, Pearlmutter B. Detecting intrusions using system calls: alternative data models. In: Proceedings of the IEEE symposium on security and privacy, Oakland, CA, USA, 1999. p. 133-45.
38. Webb G.I., Boughton J., and Wang Z. Not so naive Bayes: aggregating one-dependence estimators. Machine Learning 58 1 (2005) 5-24
39. Ye N, Xu M. Information fusion for intrusion detection. In: Proceedings of the 3rd international conference on information fusion, vol. 2, 2000. p. THB3/17-THB3/20.