Anomaly detection with high deviations for system security

The concept of the unidentified pattern arises from a theoretical analysis of the pattern space and an experimental analysis of the pattern distribution. A fuzzy mapping algorithm has been designed specifically to map unidentified patterns, following the clustering principle of normal and abnormal patterns observed during normal operation and during attacks. This algorithm provides the computational foundation on which the concept of the unidentified pattern can be introduced into anomaly detection for privileged programs that provide host services. Experimental results indicate that the proposed modeling method markedly increases the deviation of attack behaviour from the normal profile, and thereby improves detection capability against both known and unknown attacks. These results lay theoretical and experimental foundations for developing security technologies for system services.
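The abstract does not reproduce the fuzzy mapping algorithm, so the following is an added illustration, not the paper's code, of the idea it describes: scoring system-call windows of a privileged program against three classes (known-normal, known-abnormal, unidentified) instead of two, and measuring how far an attack trace deviates from the normal profile. The membership function for unidentified patterns (relative Hamming distance to the nearest normal and nearest attack window), the window length, and all traces are assumptions constructed for the example.

```python
"""Added illustration (not the paper's code) of scoring system-call traces against a
normal profile with a third class of 'unidentified' patterns.

The membership function used for unidentified patterns (relative Hamming distance
to the nearest normal and nearest attack pattern) is an assumed stand-in for the
paper's fuzzy mapping, chosen to show the effect. All traces are constructed toy data.
"""

WINDOW = 3  # sliding-window length over the system-call trace (assumption)


def ngrams(trace, n=WINDOW):
    """Fixed-length windows over a trace, e.g. ['open','read','close'] -> [('open','read','close')]."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def profile(traces, n=WINDOW):
    """Set of every window observed in a list of traces."""
    patterns = set()
    for t in traces:
        patterns.update(ngrams(t, n))
    return patterns


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def nearest(pattern, cluster):
    """Hamming distance from a pattern to the closest member of a cluster."""
    if not cluster:
        return len(pattern)
    return min(hamming(pattern, p) for p in cluster)


def abnormality(pattern, normal, abnormal):
    """Degree of abnormality in [0, 1].

    Known-normal -> 0, known-attack -> 1. An unidentified pattern (seen in neither
    training set) is mapped by where it sits between the two clusters:
    d_N / (d_N + d_A). This is the assumed stand-in for the paper's fuzzy mapping.
    """
    if pattern in normal:
        return 0.0
    if pattern in abnormal:
        return 1.0
    d_n = nearest(pattern, normal)
    d_a = nearest(pattern, abnormal)
    return d_n / (d_n + d_a)


def deviation(trace, normal, abnormal, fuzzy=True):
    """Mean abnormality over the trace's windows.

    fuzzy=False is the classic two-class baseline: every window absent from the
    normal profile counts as a full mismatch, so benign drift and attack windows
    are indistinguishable once they leave the profile.
    """
    grams = ngrams(trace)
    if not grams:
        return 0.0
    if fuzzy:
        score = sum(abnormality(g, normal, abnormal) for g in grams)
    else:
        score = sum(1.0 for g in grams if g not in normal)
    return score / len(grams)


# --- constructed training data (assumed, not from the paper) ---------------
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "mmap", "read", "close"],
    ["open", "read", "write", "close", "open", "read", "close"],
]
ATTACK_TRACES = [  # one shell-spawning style trace
    ["open", "read", "setuid", "execve", "socket", "connect"],
]
NORMAL = profile(NORMAL_TRACES)
ABNORMAL = profile(ATTACK_TRACES) - NORMAL

# --- constructed test traces ------------------------------------------------
BENIGN_TEST = ["open", "read", "read", "read", "write", "close", "write", "close"]
ATTACK_TEST = ["open", "read", "setuid", "execve", "dup2", "socket", "connect"]


def separation(fuzzy):
    """(benign deviation, attack deviation, attack - benign) under one scoring scheme."""
    benign = deviation(BENIGN_TEST, NORMAL, ABNORMAL, fuzzy)
    attack = deviation(ATTACK_TEST, NORMAL, ABNORMAL, fuzzy)
    return benign, attack, attack - benign


if __name__ == "__main__":
    for fuzzy in (False, True):
        b, a, gap = separation(fuzzy)
        print(f"{'fuzzy' if fuzzy else 'binary':6s} benign={b:.3f} attack={a:.3f} gap={gap:.3f}")
```

On this constructed data the two-class baseline scores the benign trace at 0.5 because its three never-seen windows count as full mismatches, while the three-class mapping scores them near zero (they sit next to the normal cluster) and pushes the attack trace's never-seen windows toward the attack cluster; the gap between attack and benign deviation widens from 0.5 to about 0.68. Note the caveat: the attack trace's absolute score falls (1.0 to 0.82), so the gain is in separating benign drift from attack behaviour, and it depends entirely on the mapping chosen for unidentified patterns; a poorly chosen mapping can just as easily shrink the gap.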
