The Application of the Relative Entropy Density Divergence in Intrusion Detection Models

How should one choose the best model for an intrusion detection system (IDS) based on the original audit data? In this work, we use the relative entropy density divergence as a measure of IDS models. Through an analysis of the dependence structure of the data's probability distribution, we compare different IDS models against the original audit data. The model whose probability distribution conforms most closely to the real probability distribution of the data is the better one. Thus the IDS model is selected according to the features of the data set.
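As an added illustration of the selection criterion described above (not code from the paper), the following example fits two candidate models of a system-call audit trace, an independence model and a first-order Markov model, and scores each by the relative entropy D(P_data || Q_model) between the held-out data's empirical bigram distribution and the model's bigram distribution; the model with the smaller divergence is the one whose distribution conforms more closely to the data. The trace, the two model families and the Laplace smoothing constant are constructed assumptions.

```python
import math
from collections import Counter
from itertools import product

# Constructed audit trace: a process mixing two benign call patterns.
# The first 280 calls are used to fit the models, the rest to score them.
TRACE = (("open read read write close " * 2 + "open read write close ") * 30).split()
TRAIN, TEST = TRACE[:280], TRACE[280:]

def bigrams(seq):
    return list(zip(seq, seq[1:]))

def empirical(seq):
    """Empirical bigram distribution P_data of an audit sequence."""
    counts = Counter(bigrams(seq))
    total = sum(counts.values())
    return {pair: n / total for pair, n in counts.items()}

def independence_model(train, alphabet):
    """Q_model assuming consecutive calls are independent: Q(a,b) = p(a) p(b)."""
    uni, n = Counter(train), len(train)
    return {(a, b): (uni[a] / n) * (uni[b] / n) for a, b in product(alphabet, repeat=2)}

def markov_model(train, alphabet, alpha=0.5):
    """First-order Markov Q_model: Q(a,b) = p(a) P(b|a), Laplace-smoothed (alpha assumed)."""
    uni, trans, n, k = Counter(train), Counter(bigrams(train)), len(train), len(alphabet)
    return {(a, b): (uni[a] / n) * (trans[(a, b)] + alpha) / (uni[a] + alpha * k)
            for a, b in product(alphabet, repeat=2)}

def kl_divergence(p, q, floor=1e-6):
    """D(P || Q) = sum_x P(x) log2(P(x) / Q(x)) in bits; Q is floored to avoid log(0)."""
    return sum(px * math.log2(px / max(q.get(x, 0.0), floor))
               for x, px in p.items() if px > 0)

def select_model(train, test):
    """Return each model's divergence from the held-out data and the closest model's name."""
    alphabet = sorted(set(train) | set(test))
    p_data = empirical(test)
    models = {"independence": independence_model(train, alphabet),
              "markov": markov_model(train, alphabet)}
    scores = {name: kl_divergence(p_data, q) for name, q in models.items()}
    return scores, min(scores, key=scores.get)

if __name__ == "__main__":
    scores, best = select_model(TRAIN, TEST)
    for name, d in scores.items():
        print(f"{name:12s} D(P_data || Q_model) = {d:.3f} bits")
    print("selected model:", best)
```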
