Some similarity coefficients and application of data mining techniques to the anomaly-based IDS

This paper introduces an approach to anomaly-based intrusion detection that searches system activity data for deviations from previously described profiles of normal activity. In the proposed methodology, normal system activity is described using data mining techniques, namely classification trees. Intrusion detection is performed with similarity coefficients that measure the similarity between the normal activity profile and the current activity. The evaluation of the presented simulation results indicates that the proposed methodology produces reliable and stable results.
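The following is an added example, not code from the paper, showing the detection step the abstract describes: a profile of normal activity is compared with the current activity using binary similarity coefficients, and a low score is flagged as an anomaly. Which coefficients the paper uses is not stated here, so simple matching, Jaccard and Dice are assumed for illustration; the frequency-based profile is likewise an assumed stand-in for the description a classification tree would produce, the detection threshold is an assumed value, and all session records are constructed.

```python
from collections import Counter

# Binary activity attributes for one monitored session (constructed for this
# example; 1 = attribute observed in the session, 0 = not observed).
FEATURES = ["read_file", "write_file", "open_socket", "exec_shell",
            "spawn_child", "net_outbound", "setuid"]


def record(*present):
    """Build a feature vector with the named attributes set to 1."""
    return {f: int(f in present) for f in FEATURES}


# Constructed training data: sessions known to be normal.
NORMAL_TRAINING = [
    record("read_file", "write_file"),
    record("read_file", "open_socket", "net_outbound"),
    record("read_file", "write_file", "open_socket", "spawn_child"),
    record("read_file", "write_file", "net_outbound"),
]


def build_profile(records, min_support=0.5):
    """Profile of normal activity: an attribute is expected (1) when it appears
    in at least min_support of the normal records. This frequency profile is an
    assumed stand-in for the leaf description a classification tree trained on
    the same records would yield."""
    n = len(records)
    counts = Counter()
    for r in records:
        for f in FEATURES:
            counts[f] += r[f]
    return {f: int(counts[f] / n >= min_support) for f in FEATURES}


def contingency(profile, current):
    """2x2 agreement counts between the profile and the current vector:
    a = both 1, b = profile 0 / current 1, c = profile 1 / current 0, d = both 0."""
    a = b = c = d = 0
    for f in FEATURES:
        p, q = profile[f], current[f]
        if p and q:
            a += 1
        elif q:
            b += 1
        elif p:
            c += 1
        else:
            d += 1
    return a, b, c, d


def simple_matching(profile, current):
    """Simple matching coefficient: share of attributes that agree (1/1 or 0/0)."""
    a, b, c, d = contingency(profile, current)
    return (a + d) / (a + b + c + d)


def jaccard(profile, current):
    """Jaccard coefficient: ignores attributes absent from both vectors."""
    a, b, c, _ = contingency(profile, current)
    return a / (a + b + c) if (a + b + c) else 1.0


def dice(profile, current):
    """Dice coefficient: like Jaccard, but shared attributes count twice."""
    a, b, c, _ = contingency(profile, current)
    return 2 * a / (2 * a + b + c) if (a + b + c) else 1.0


def detect(profile, current, coefficient=jaccard, threshold=0.6):
    """Flag the current session as anomalous when its similarity to the normal
    profile falls below the threshold (an assumed value; in practice it is
    tuned on held-out normal data to balance false alarms against misses)."""
    score = coefficient(profile, current)
    return ("normal" if score >= threshold else "anomalous"), score


# Constructed current sessions to score against the profile.
CURRENT_NORMAL = record("read_file", "write_file", "open_socket")
CURRENT_SUSPECT = record("read_file", "open_socket", "exec_shell",
                         "spawn_child", "net_outbound", "setuid")

if __name__ == "__main__":
    profile = build_profile(NORMAL_TRAINING)
    for name, session in [("normal", CURRENT_NORMAL), ("suspect", CURRENT_SUSPECT)]:
        for coef in (simple_matching, jaccard, dice):
            verdict, score = detect(profile, session, coef)
            print(f"{name:8s} {coef.__name__:16s} {score:.3f} -> {verdict}")
```

The three coefficients disagree on how to treat attributes that are absent from both vectors: simple matching rewards shared absences, so a quiet session scores high even when the few attributes it does show are unexpected, while Jaccard and Dice score only on attributes that are present somewhere. Running all three on the same sessions makes that difference visible, which is the kind of comparison to do before choosing a coefficient and threshold for a deployment.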
