Analysing Behaviours for Intrusion Detection

In this work, a Behaviour-based Intrusion Detection Model is proposed. The model can be deployed in configurations ranging from a single host to a distributed mixture of host-based and network-based Intrusion Detection Systems (IDSs). Unlike most state-of-the-art IDSs, which rely on analysing lower-level, raw-data representations, the proposed architecture operates on higher-level notions (behaviours) instead; this lets the IDS identify more sophisticated attacks. To assess this premise, a Behaviour-based IDS (BIDS) prototype has been designed and developed that scans file system data to identify attacks. BIDS achieves high detection rates with correspondingly low false positive rates, outperforming other state-of-the-art file system IDSs.
