An observation-centric analysis on the modeling of anomaly-based intrusion detection

International Journal of Network Security

Volumn 4, Issue 3, 2007, Pages 292-305

  Zhang, Zonghua ^a   Shen, Hong ^a   Sang, Yingpeng ^a  

^a JAPAN ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY   (Japan)

Author keywords

Anomaly detection; Computer security; Information security; Intrusion detection; Misuse detection

Indexed keywords

ANOMALY DETECTION; ANOMALY DETECTION MODELS; ANOMALY DETECTOR; ANOMALY-BASED INTRUSION DETECTION; BLIND SPOTS; COMPUTATIONAL COSTS; DETECTION COVERAGE; EXISTING PROBLEMS; FORMAL ANALYSIS; KEYPOINTS; MISUSE DETECTION; OBSERVATION-CENTRIC ANALYSIS; OBSERVED SAMPLES; OPERATING ENVIRONMENT; OPERATIONAL CAPABILITIES; STATISTICAL FRAMEWORK;

DETECTORS; SECURITY OF DATA;

INTRUSION DETECTION;

EID: 78049530653     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (31)

1. M. Burgess, H. Haugerud, and S. Straumsnes, "Measuring system normality," ACM Transactions on Computer Systems, vol. 20, no. 2, pp. 125-160, May 2002.
2. G. Cormode, M. Datar, P. Lndyk, and S. Muthukrishnan, "Comparing data streams using hamming norms (How to zero in)," IEEE Transaction on Knowledge and Data Engineering, vol. 15, no. 3, pp. 529-540, May/June 2003.
3. V. N. P. Dao and V. R. Vemuri, "A performance comparison of different back propagation neural networks methods in computer network intrusion detection," Differential Equations and Dynamical Systems, vol. 10, no. 1&2, pp. 201-21, Jan.&Apr., 2002.
4. Y. D. Yan and Y. Ding, "Host-based intrusion detection using dynamic and static behavioral models,' Pttern Recognition, vol. 36, pp. 229-243, 2003.
5. S. Forrest, S. A. Hofmeyr, and T. A. Longstaff "A sense of self for UNIX processes," in proceedings of 1996 IEEE Symposium on Security and Privacy, Los Alamitos, CA: IEEE Computer Society Press, pp. 120-128, 1996.
6. S. Guha, A. M. Meyerson, N. Mishra, R. Motwani, and L. O'Callaghan, "Clustering data streams: Theory and practice," IEEE Transaction on Knowledge and Data Engineering, vol. 15, no. 3, pp. 515-528, May/June 2003.
7. P. Helman and G. Liepins, "Statistical foundataions of audit trail analysis for the detection of computer misuse," IEEE Transaction on Software Engineering, vol. 19, no. 9, Sep. 1993.
8. S. A. Hofmeyr, S. Forrest, A. Somayaji, "Intrusion detection using sequences of system calls," Journal of Computer Security, vol. 6, no. 3, pp. 151-180, 1998.
9. S. H. Steiner, "Grouped data exponentially weighted moving average control charts," Journal of the Royal Statistical Society: Series C (Applied Statistics), vol. 47, no. 2, pp. 203-216, 1998.
10. W. Hu, Y. Liao, and V. R. Vemuri, "Robust support vetor machines for anomaly detection in computer security," The 2003 International Conference on Machine Learning and Applications (ICMLA'03), Los Angeles, California, pp. 168-174, June 2003.
11. M. Hutter, "Optimality of universal Bayesian sequence prediction for general loss and alphabet," Journal of Machine Learning Research, vol. 4, pp. 971-1000, 2003.
12. T. Lane, and C. E. Brodley, "An empirical study of two approaches to sequence learning for anomaly detection," Machine Learning, vol. 51, pp. 73-107, 2003.
13. W. Lee, and S. J. Stolfo, "Data mining approaches for intrusion detection," in Proceedings of the 7th USENIX Security Symposium, 1998.
14. W. Lee and D. Xiang, "Information-theoretic measures for anomaly detection," in IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 130-143, Los Alamitos, Oakland, California, 14- 16 May, 2001.
15. Y. Liao and V. R. Vemuri, "Use of K-Nearest neighbor classifier for intrusion detection," Computers&Security, vol. 21, no. 5, pp. 439-448, Oct. 2002.
16. T. F. Lunt, "IDES: An ingelligent system for detecting intruders," in Proceedings of the Symposium: Computer Security, Threat and Countermeasures, Rome, Italy, pp. 30-45, 1990.
17. S. Ma, and C. Ji, "Modeling heterogeneous network traffic in wavelet domain," IEEE/ACM Transactions On Networking, vol. 9, no. 5, pp. 634-649, Oct. 2001.
18. R. A. Maxion, and K. M. C. Tan, "Anomaly detection in embedded systems," IEEE Transaction on Computers, vol. 51, no. 2, Feb. 2002.
19. R. A. Maxion, and K. M.C. Tan, "Benchmarking anomaly-based detection systems," in Proceedings of International Conference on Dependable Systems and Networks (DSN2000), pp. 623-630, 2000.
20. J. Mchugh, "Testing intrusion detection systems: A critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincolnlaboratory," ACM Transactions on Information and System Security, vol. 3, no. 4, pp. 262-294, Nov. 2000.
21. MIT Lincoln Laboratory, http://www.ll.mit.edu/IST/ideval/data/dataindex.html.
22. B. V. Nguyen, An Application of Support Vector Ma-chines to Anomaly Detection, Research in Computer Science-Support Vector Machine, Course Report, Ohio University, Fall 2002.
23. R. J. Solomonoff, Three Kinds of Probabilistic Induc-tion: Universal Distributions and Convergence The-orems, http://world.std.com/rjs/pubs.html, June 2003.
24. K. M. C. Tan and R. A. Maxion, ""Why 6" defining the operational limites of stide, an anomaly-based intrusion detector," in Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P'02), pp. 188-201, 2002.
25. K. M. C. Tan, K. S. Killourhy, and R. A. Maxion, "Undermining an anomaly-based intrusion detection system using common exploits," RAID 2002, LNCS 2516, pp. 54-73, Springer-Verlag, 2002.
26. C. Warrender, S. Forrest, and B. Pearlumtter, "Detecting intrusions using system calls: Alternative data models," 1999 IEEE Symposium on Security and Privacy, pp. 133-145, 1999.
27. N. Ye, X. Li, Q. Chen, S. M. Emran, and M. Xu, "Probabilistic techniques for intrusion detection based on computer audit data," IEEE Transaction on Systems, Man, and Cybernetics-Part A:Systems and Humans, vol. 31, no. 4, July 2001.
28. N. Ye, S. M. Emran, Q. Chen, and S. Vilber, "Multivariate statistical analysis of audit trails for hostbased intrusion detection," IEEE Transaction on Computers, vol. 51, no. 7, pp. 810-820, July 2002.
29. N. Ye, T. Ehiabor and Y. Zhang, "First-order versus high-order stochastic models for computer intrusion detection," Quqlity and Reliability Engineering Internation, vol. 18, pp. 243-250, 2002.
30. Z. Zhang and H. Shen, "Application of onlinetraining SVMs for real-time intrusiondetection with different considerations", Computer Communications, Elsevier Science, vol. 28, no. 12, pp. 1428-1442, July 2005.
31. Z. Zhang and H. Shen, "Constructing multi-layer boundary to defend against intrusive anomalies: An autonomic detection coordinator," in Proceedings of the International Conference on Dependable Systems and Networks(DSN2005), Yokohama, Japan, pp. 118-127, June 28-July 1, 2005.