A survey of anomaly intrusion detection techniques

Intrusion detection systems are based on two fundamental approaches: anomaly detection, which flags behavior that deviates from normal behavior, and misuse detection, which monitors for the "signatures" of known malicious attacks and system vulnerabilities. Anomaly (behavior-based) IDSs assume that activity under attack deviates from normal activity, and detect abnormal behavior by comparing it against a predefined reference model of system or user behavior. This paper provides a survey of anomaly intrusion detection techniques. It reviews the evolution of intrusion detection systems over the past two decades and focuses on recent research advances and trends in anomaly IDSs, including the application of statistics, machine learning, neural networks, computer immunology, and data mining techniques.
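The contrast drawn above between a behavior reference model and a signature list, as an added illustration that is not from the paper: a per-user command-frequency profile is learned from a constructed "normal" window, new windows are scored by their Hellinger distance from that profile, and the same windows are also checked against a constructed placeholder signature set. The command lists, the signature name and the 0.5 threshold are all assumptions chosen for the example.

```python
"""Anomaly (behavior-based) detection next to misuse (signature) detection.

Constructed example: a user's normal behavior is modelled as a frequency
distribution over shell command names; a new activity window is scored by
how far its distribution drifts from that reference model.
"""
from collections import Counter
from math import sqrt

# Constructed training window standing in for a period of known-normal use.
TRAINING = ["ls", "cd", "vim", "git", "ls", "make", "cd", "git", "ls", "vim",
            "make", "git", "ls", "cd", "vim", "ls", "git", "make", "cd", "ls"]

# Constructed placeholder for a misuse-detection signature database.
SIGNATURES = {"known_bad_tool"}

# Three constructed test windows: normal use, novel-but-unsigned behavior,
# and normal use containing one signature hit.
NORMAL_WINDOW = ["ls", "cd", "git", "vim", "ls", "make", "cd", "git", "ls", "vim"]
NOVEL_WINDOW = ["curl", "chmod", "curl", "scp", "chmod", "curl", "scp", "ls", "curl", "chmod"]
SIGNATURE_WINDOW = ["ls", "cd", "known_bad_tool", "git", "ls", "vim", "make", "cd", "ls", "git"]


def build_profile(commands):
    """Reference model: relative frequency of each command in the window."""
    counts = Counter(commands)
    total = sum(counts.values())
    return {cmd: n / total for cmd, n in counts.items()}


def hellinger(p, q):
    """Hellinger distance between two frequency dicts; 0 = identical, 1 = disjoint."""
    keys = set(p) | set(q)
    return sqrt(0.5 * sum((sqrt(p.get(k, 0.0)) - sqrt(q.get(k, 0.0))) ** 2 for k in keys))


def misuse_hits(window):
    """Misuse detection: commands in the window that match a known signature."""
    return sorted(set(window) & SIGNATURES)


def classify(profile, window, threshold=0.5):
    """Return (anomaly_flag, distance, signature_hits) for one activity window."""
    distance = hellinger(profile, build_profile(window))
    return distance > threshold, distance, misuse_hits(window)


if __name__ == "__main__":
    model = build_profile(TRAINING)
    for name, window in [("normal", NORMAL_WINDOW), ("novel", NOVEL_WINDOW),
                         ("signature", SIGNATURE_WINDOW)]:
        print(name, classify(model, window))
```

The novel window is flagged only by the anomaly detector (no signature matches), while the signature window is flagged only by misuse detection (its distribution stays close to the profile), which is why the two approaches are treated as complementary.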
