A data reduction method for intrusion detection

This paper describes a technique for improving the efficiency of the data analysis involved in intrusion detection. Intrusion detection aims to detect security violations from abnormal patterns of system usage. This requires that the system monitor user activities and that the monitoring data be analyzed to recognize users' behavior patterns. Multivariate data analysis may be used to achieve intrusion detection. However, system monitoring typically records everything that each user does in the system, so a massive volume of monitoring data is created. To allow the monitoring data to be analyzed efficiently, it is essential to develop techniques that reduce the amount of data to be processed without losing important information. This paper presents a data reduction method that makes the multivariate data analysis involved in intrusion detection more efficient. Our data reduction technique extracts, from the original data set, the discriminating components that best characterize user behavior. In this way, the amount of data to be processed by the multivariate data analysis module is reduced substantially.
