Of daemons and men: A file system approach towards intrusion detection

Applied Soft Computing Journal

Volumn 25, Issue , 2014, Pages 1-14

  Mamalakis, G ^a   Diou, C ^a   Symeonidis, A L ^a   Georgiadis, L ^a  

^a ARISTOTLE UNIVERSITY OF THESSALONIKI   (Greece)

Author keywords

Anomaly detection; Data mining; File system; Information security; Intrusion detection systems; Machine learning

Indexed keywords

LEARNING SYSTEMS; SECURITY OF DATA; ARTIFICIAL INTELLIGENCE; DATA MINING; FILE ORGANIZATION; LEARNING ALGORITHMS; NETWORK SECURITY; SOCIAL NETWORKING (ONLINE); SUPPORT VECTOR MACHINES; WEB SERVICES; WORLD WIDE WEB;

ANOMALY DETECTION; FILE SYSTEMS; INTRUSION DETECTION SYSTEMS; ANOMALY DETECTION SYSTEMS; FALSE POSITIVE RATES; GAUSSIAN MIXTURE MODEL (GMMS); ONE-CLASS CLASSIFICATION; SUPPORT VECTOR MACHINE (SVMS);

DATA MINING; INTRUSION DETECTION;

EID: 84907481520     PISSN: 15684946     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.asoc.2014.07.026     Document Type: Article

References (42)

1. C. Burges A tutorial on support vector machines for pattern recognition Data Min. Knowl. Discov. 2 2 1998 121 167
2. W. Chen, S. Hsu, and H. Shen Application of svm and ann for intrusion detection Comput. Oper. Res. 32 10 2005 2617 2634
3. E. Corchado, and Á Herrero Neural visualization of network traffic data for intrusion detection Appl. Soft Comput. 11 2 2011 2042 2056
4. D. Denning An intrusion-detection model IEEE Trans. Softw. Eng. 2 1987 222 232
5. S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longstaff A sense of self for unix processes IEEE Symposium on Security and Privacy, 1996 Proceedings 1996 IEEE 120 128
6. S. Forrest, A. Perelson, L. Allen, and R. Cherukuri Self-nonself discrimination in a computer IEEE ComputerSociety Symposium on Research in Security and Privacy, 1994 Proceedings 1994 IEEE 202 212
7. P. Gogoi, B. Borah, and D.K. Bhattacharyya Anomaly detection analysis of intrusion data using supervised & unsupervised approach J. Converg. Inf. Technol. 5 1 2010 95 110
8. J. Hochberg, K. Jackson, C. Stallings, J. McClary, D. DuBois, and J. Ford Nadir: An automated system for detecting network intrusion and misuse Comput. Secur. 12 3 1993 235 248
9. S. Hofmeyr, S. Forrest, and A. Somayaji Intrusion detection using sequences of system calls J. Comput. Secur. 6 3 1998 151 180
10. S.-J. Horng, M.-Y. Su, Y.-H. Chen, T.-W. Kao, R.-J. Chen, J.-L. Lai, and C.D. Perkasa A novel intrusion detection system based on hierarchical clustering and support vector machines Expert Syst. Appl. 38 1 2011 306 313
11. E. Jones, T. Oliphant, and P. Peterson SciPy: Open Source Scientific Tools for Python 2001 http://www.scipy.org/scipylib/citing.html
12. I. Kang, M. Jeong, and D. Kong A differentiated one-class classification method with applications to intrusion detection Expert Syst. Appl. 39 4 2012 3899 3905
13. G. Kou, Y. Peng, Z. Chen, and Y. Shi Multiple criteria mathematical programming for multi-class classification and application in network intrusion detection Inf. Sci. 179 4 2009 371 381
14. S. Kumar, and E. Spafford A Pattern Matching Model for Misuse Intrusion Detection Proceedings of 17th National Computer Security Conference 1994
15. T. Lane, and C. Brodley Sequence matching and learning in anomaly detection for computer security AAAI Workshop: AI Approaches to Fraud Detection and Risk Management 1997 43 49
16. W. Lee, S. Stolfo, P. Chan, E. Eskin, W. Fan, M. Miller, S. Hershkop, and J. Zhang Real time data mining-based intrusion detection DARPA Information Survivability Conference and Exposition II, 2001, DISCEX'01, Proceedings, vol. 1 2001 IEEE 89 100
17. Z. Li, Z. Chen, S. Srinivasan, and Y. Zhou C-miner: Mining block correlations in storage systems Proceedings of the 3rd USENIX Conference on File and Storage Technologies, vol. 186. 2004 USENIX Association
18. Y. Liao, and V. Vemuri Use of k-nearest neighbor classifier for intrusion detection Comput. Secur. 21 5 2002 439 448
19. U. Lindqvist, and P. Porras expert-bsm: a host-based intrusion detection solution for sun solaris Proceedings 17th Annual Computer Security Applications Conference, ACSAC 2001 2001 IEEE 240 251
20. R. Lippmann, D. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster, D. Wyschogrod, and R. Cunningham Evaluating intrusion detection systems: The 1998 darpa off-line intrusion detection evaluation DARPA Information Survivability Conference and Exposition, DISCEX'00, Proceedings, vol. 2 2000 IEEE 12 26
21. R. Lippmann, J. Haines, D. Fried, J. Korba, and K. Das The 1999 darpa off-line intrusion detection evaluation Comput. Netw. 34 4 2000 579 595
22. L. Manevitz, and M. Yousef One-class document classification via neural networks Neurocomputing 70 7 2007 1466 1481
23. G.J. McLachlan, and K.E. Basford Mixture models. Inference and applications to clustering Statistics: Textbooks and Monographs vol. 1 1988 Dekker New York
24. D. Mutz, F. Valeur, G. Vigna, and C. Kruegel Anomalous system call detection ACM Trans. Inform. Syst. Secur. 9 1 2006 61 93
25. F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay Scikit-learn: Machine learning in Python J. Mach. Learn. Res. 12 2011 2825 2830
26. S. Peisert, M. Bishop, S. Karin, and K. Marzullo Analysis of computer intrusions using sequences of function calls IEEE Trans. Depend. Secure Comput. 4 2 2007 137 150
27. P. Porras, and P. Neumann Emerald: event monitoring enabling response to anomalous live disturbances Proceedings of the 20th national information systems security conference 35 1997 3 365
28. M. Roesch Snort: lightweight intrusion detection for networks LISA 99 1999 229 238
29. B. Schölkopf, J. Platt, J. Shawe-Taylor, A. Smola, and R. Williamson Estimating the support of a high-dimensional distribution Neural Comput. 13 7 2001 1443 1471
30. M. Sebring, E. Shellhouse, M. Hanna, and R. Whitehurst Expert systems in intrusion detection: a case study Proceedings of the 11th National Computer Security Conference 7 1988 4 81
31. K. Sequeira, and M. Zaki Admit: anomaly-based data mining for intrusions Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining 2002 ACM 386 395
32. S. Soft Sunshield Basic Security Module Guide 1995 Sun Microsystems
33. P. Stanton, W. Yurcik, and L. Brumbaugh Fabs: file and block surveillance system for determining anomalous disk accesses Information Assurance Workshop, 2005, IAW'05, Proceedings from the Sixth Annual IEEE SMC, IEEE 2005 207 214
34. S. Stolfo, S. Hershkop, L. Bui, R. Ferster, and K. Wang Anomaly detection in computer security and an application to file system accesses Found. Intell. Syst. 2005 14 28
35. S.J. Stolfo, F. Apap, E. Eskin, K. Heller, S. Hershkop, A. Honig, and K. Svore A comparative evaluation of two algorithms for windows registry anomaly detection J. Comput. Secur. 13 4 2005 659 693
36. C.-F. Tsai, and C.-Y. Lin A triangle area based nearest neighbors approach to intrusion detection Pattern Recognit. 43 1 2010 222 229
37. D. Wagner, and P. Soto Mimicry attacks on host-based intrusion detection systems Proceedings of the 9th ACM Conference on Computer and Communications Security 2002 ACM 255 264
38. W. Wang, X. Guan, X. Zhang, and L. Yang Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data Comput. Secur. 25 7 2006 539 550
39. C. Warrender, S. Forrest, and B. Pearlmutter Detecting intrusions using system calls: alternative data models Proceedings of the 1999 IEEE Symposium on Security and Privacy 1999 IEEE 133 145
40. J. Xu, and C. Shelton Intrusion detection using continuous time bayesian networks J. Artif. Intell. Res. 39 1 2010 745 774
41. D. Yeung, and Y. Ding Host-based intrusion detection using dynamic and static behavioral models Pattern Recognit. 36 1 2003 229 243
42. Z. Zhang, and H. Shen Application of online-training svms for real-time intrusion detection with different considerations Comput. Commun. 28 12 2005 1428 1442