Constructing attribute weights from computer audit data for effective intrusion detection

Journal of Systems and Software

Volumn 82, Issue 12, 2009, Pages 1974-1981

  Wang, Wei ^a   Zhang, Xiangliang ^b   Gombault, Sylvain ^c  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

^b UFR 919 Laboratoire d'Informatique Pour la Mécanique et les Sciences de l'Ingénieur   (France)

^c UNIVERSITÉ EUROPÉENNE DE BRETAGNE   (France)

Author keywords

Chi square; Distance measures; Intrusion detection; k Nearest neighbor; Masquerade detection; Principal component analysis

Indexed keywords

BEHAVIORAL RESEARCH; INVERSE PROBLEMS; NEAREST NEIGHBOR SEARCH; PRINCIPAL COMPONENT ANALYSIS; STATISTICAL TESTS; TEXT PROCESSING;

ANOMALY INTRUSION DETECTION; CHI-SQUARE; DETECTION PERFORMANCE; DISTANCE MEASURE; K-NEAREST NEIGHBORS; MASQUERADE DETECTION; TERM FREQUENCY-INVERSE DOCUMENT FREQUENCIES; UNIVERSITY OF NEW MEXICO;

INTRUSION DETECTION;

EID: 71749108310     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2009.06.040     Document Type: Article

References (25)

1. Axelsson S. The base-rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information Systems Security 3 3 (2000) 186-205
2. Axelsson, S., 2000. Intrusion detection systems: A survey and taxonomy, Technical Report 99-15, Chalmers Univ.
3. Chen W.H., Hsu S.H., and Shen H.P. Application of SVM and ANN for intrusion detection. Computer Operation Research 32 (2005) 2617-2634
4. Cho S.B., and Park H.J. Efficient anomaly detection by modeling privilege flows using hidden markov model. Computer and Security 22 1 (2003) 45-55
5. Denning D.E. An intrusion detection model. IEEE Transactions on Software Engineering 13 2 (1987) 222-232
6. Duda R.O., Hart P.E., and Stork D.G. Pattern Classification. second ed. (2004), China Machine Press, Beijing
7. Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A., 1996. A sense of self for Unix processes. In: Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, pp. 120-128.
8. Guan X., Wang W., and Zhang X. Fast intrusion detection based on a non-negative matrix factorization model. Journal of Network and Computer Applications, Elsevier 31 1 (2009) 31-44
9. Hu, W., Liao, Y., Vemuri, V.R., 2003. Robust support vector machines for anomaly detection in computer security. In: Proceeding of the 2003 International Conference on Machine Learning and Applications.
10. Johnson R.A., and Wichern D.W. Applied Multivariate Statistical Analysis (2002), Prentice-Hall
11. Lee, W., Stolfo, S., 1998. Data mining approaches for intrusion detection. In: Proceedings of the Seventh USENIX Security Symposium, San Antonio, TX, pp. 79-94.
12. Lee, W., Xiang, D., 2001. Information-theoretic measures for anomaly detection. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 130-143.
13. Liao, Y., Vemuri, V.R., 2002. Using text categorization techniques for intrusion detection. In: 11th USENIX Security Symposium, pp. 51-59.
14. Schonlau M., and Theus M. Detecting masquerades in intrusion detection based on unpopular commands. Information Processing Letters 76 (2000) 33-38
15. Schonlau M., Dumouchel W., Ju W.-H., Karr A.F., Theus M., and Vardi Y. Computer Intrusion: Detecting Masquerades. Statistical Science 16 1 (2001) 58-74
16. Tang, B., Shepherd, M., Milios, E., Heywood, M.I., 2005. Comparing and combining dimension reduction techniques for efficient text clustering. International Workshop on Feature Selection for Data Mining - Interfacing Machine Learning and Statistics in conjunction with 2005 SIAM International Conference on Data Mining, Newport Beach, CA.
17. Wang, W., Gombault, S., 2007a. Distance measures for anomaly intrusion detection. In: Proceedings of 2007 International Conference on Security and Management (SAM'07), Las Vegas, NV, pp. 17-23.
18. Wang, W., Gombault, S., 2007b. Detecting masquerades with principal component analysis based on cross frequency weights. In: Proceedings of 14th Anniversary HP-SUA Workshop, Munich, Germany, pp. 227-232.
19. Wang, W., Guan, X., Zhang, X., 2004. Modeling program behaviors by hidden Markov models for intrusion detection. In: Proceedings of the Third International Conference on Machine Learning and Cybernetics (ICMLC'2004), pp. 2830-2835.
20. Wang W., Guan X., Zhang X., and Yang L. Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data. Computers and Security, Elsevier 25 7 (2006) 539-550
21. Wang W., Guan X., and Zhang X. Processing of massive audit data streams for real-time anomaly intrusion detection. Computer Communications Elsevier 31 1 (2008) 58-72
22. Warrender, C., Forrest, S., Pearlmutter, B., 1999. Detecting intrusions using system calls: Alternative data models. In: Proceedings of 1999 IEEE Symposium on Security and Privacy, pp. 133-145.
23. Ye N., Li X., Chen Q., Emran S.M., and Xu M. Probabilistic techniques for intrusion detection based on computer audit data. IEEE Transactions on Systems, Man, and Cybernetics 31 4 (2001) 266-274
24. Yeung D.Y., and Ding Y. Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognition 36 1 (2003) 229-243
25. Zhang Z., and Shen H. Application of online-training SVMS for real-time intrusion detection with different considerations. Computer Communications 28 (2005) 1428-1442