A Compound Intrusion Detection Model

Intrusion detection systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to identify intrusion effectively and accurately. However, the performance of misuse intrusion detection system (MIDS) or anomaly intrusion detection system (AIDS) is not satisfying. In this paper, we study the issue of building a compound intrusion detection model, which has the merits of MIDS and AIDS. To build this compound model, we propose an improved Bayesian decision theorem. The improved Bayesian decision theorem brings some profits to this model: to eliminate the flaws of a narrow definition for intrusion patterns, to extend the known intrusions patterns to novel intrusions patterns, to reduce risks that detecting intrusion brings to system and to offer a method to build a compound intrusion detection model that integrates MIDS with AIDS.

[1]  Barak A. Pearlmutter,et al.  Detecting intrusions using system calls: alternative data models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[2]  Stephanie Forrest,et al.  Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[3]  John E. Gaffney,et al.  Evaluation of intrusion detectors: a decision theory approach , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[4]  Sushil Jajodia,et al.  Abstraction-based misuse detection: high-level specifications and adaptable strategies , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[5]  Chae Hoon Lim,et al.  Information Security and Cryptology — ICISC 2002 , 2003, Lecture Notes in Computer Science.

[6]  Bianca Zadrozny,et al.  Learning and making decisions when costs and probabilities are both unknown , 2001, KDD '01.

[7]  G. Casella,et al.  Statistical Inference , 2003, Encyclopedia of Social Network Analysis and Mining.

[8]  R.K. Cunningham,et al.  Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[9]  T. Lane,et al.  Sequence Matching and Learning in Anomaly Detection for Computer Security , 1997 .

[10]  Shigeki Goto,et al.  A new intrusion detection method based on process profiling , 2002, Proceedings 2002 Symposium on Applications and the Internet (SAINT 2002).

[11]  Michio Sugeno,et al.  Fuzzy systems theory and its applications , 1991 .

[12]  Hai Jin,et al.  A Data Mining Based Intrusion Detection Model , 2003, IDEAL.

[13]  Carla E. Brodley,et al.  Temporal sequence learning and data reduction for anomaly detection , 1998, CCS '98.

[14]  Hai Jin,et al.  A Risk-Sensitive Intrusion Detection Model , 2002, ICISC.

[15]  Pedro M. Domingos MetaCost: a general method for making classifiers cost-sensitive , 1999, KDD '99.

[16]  Stephanie Forrest,et al.  A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[17]  Stefan Axelsson,et al.  The base-rate fallacy and its implications for the difficulty of intrusion detection , 1999, CCS '99.