Abstract
Our immunity-based anomaly detection system aims to detect anomalous behavior of users on a computer. To improve the detection accuracy, we introduced the framework of dynamically updating profiles into our system. Our system enables agents to update not only self profiles, but also nonself profiles. Briefly, our system enables agents to adapt to new behavior of the original users and of others. The receiver operating characteristic (ROC) analysis of our system indicated that the updating of both profiles markedly decreased both the false alarm rate and the missed alarm rate.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Okamoto, T., Ishida, Y. (2008). Dynamic Updating of Profiles for an Immunity-Based Anomaly Detection System. In: Lovrek, I., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2008. Lecture Notes in Computer Science, vol 5179. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85567-5_57
DOI: https://doi.org/10.1007/978-3-540-85567-5_57
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85566-8
Online ISBN: 978-3-540-85567-5
eBook Packages: Computer Science (R0)