Intrusion Detection System Using Sequence and Set Preserving Metric
Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activity. In this paper we investigate the use of sequences of system calls for classifying intrusions and faults induced by privileged processes in the Unix operating system. We apply a sequence-data mining approach in the context of an intrusion detection system (IDS). This paper introduces a new similarity measure that considers both sequence and set similarity among sessions. Taking both the order of occurrences and the content of a session into account significantly enhances the capabilities of a kNN classifier, especially in the context of intrusion detection. From our experiments on the DARPA 1998 IDS dataset we infer that the order of occurrences plays a major role in determining the nature of a session. The objective of this work is to construct concise and accurate classifiers that detect anomalies based on sequence as well as set similarity.
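As an added illustration (not the paper's own code, and not its exact metric, which this page does not specify), the following Python sketch shows how a similarity measure that mixes an order-aware term with a content term can drive a kNN classifier over system-call sessions, and why the content term alone cannot separate sessions that contain the same calls in a different order. The instantiation is an assumption made for illustration: normalized longest-common-subsequence length for the sequence term, Jaccard similarity of the distinct calls for the set term, and an equal weighting of the two. All training sessions and the query session are constructed.

```python
"""Added example (not from the paper): kNN over system-call sessions with a
combined sequence + set similarity. The sequence term (normalized LCS) and the
set term (Jaccard) are assumed instantiations; the page does not give the
paper's metric. All session data below is constructed."""
from collections import Counter
from typing import Callable, List, Sequence, Tuple

Session = Sequence[str]
Similarity = Callable[[Session, Session], float]


def lcs_length(a: Session, b: Session) -> int:
    """Longest common subsequence: order-preserving, gaps allowed."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def sequence_similarity(a: Session, b: Session) -> float:
    """Order-aware similarity in [0, 1]: LCS length over the longer session."""
    if not a or not b:
        return 0.0
    return lcs_length(a, b) / max(len(a), len(b))


def set_similarity(a: Session, b: Session) -> float:
    """Order-blind similarity in [0, 1]: Jaccard index of the distinct calls."""
    sa, sb = set(a), set(b)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def combined_similarity(a: Session, b: Session, alpha: float = 0.5) -> float:
    """Weighted mix: alpha weights the order term, (1 - alpha) the content term."""
    return alpha * sequence_similarity(a, b) + (1 - alpha) * set_similarity(a, b)


def knn_classify(query: Session, train: Sequence[Tuple[Session, str]],
                 k: int = 3, similarity: Similarity = combined_similarity) -> str:
    """Majority label among the k training sessions most similar to the query.
    sorted() is stable, so ties keep training order; a metric that ties every
    session (set similarity below) therefore decides nothing on its own."""
    ranked = sorted(train, key=lambda item: similarity(query, item[0]), reverse=True)
    votes = Counter(label for _, label in ranked[:k])
    return votes.most_common(1)[0][0]


# Constructed labelled sessions: normals follow open/read/write/close,
# anomalies use the same calls in reversed order.
TRAIN: List[Tuple[List[str], str]] = [
    (["open", "read", "write", "close"], "normal"),
    (["open", "read", "read", "write", "close"], "normal"),
    (["open", "read", "write", "write", "close"], "normal"),
    (["close", "write", "read", "open"], "anomalous"),
    (["close", "write", "read", "read", "open"], "anomalous"),
]
# Constructed query: same set of calls as every training session, anomalous order.
QUERY: List[str] = ["close", "write", "write", "read", "open"]


def compare_metrics(query: Session, train: Sequence[Tuple[Session, str]], k: int = 3) -> dict:
    """Classify the same query under each metric to expose what each one sees."""
    return {
        "set": knn_classify(query, train, k, set_similarity),
        "sequence": knn_classify(query, train, k, sequence_similarity),
        "combined": knn_classify(query, train, k, combined_similarity),
    }


if __name__ == "__main__":
    for session, label in TRAIN:
        print(f"{label:9s} seq={sequence_similarity(QUERY, session):.2f} "
              f"set={set_similarity(QUERY, session):.2f} "
              f"combined={combined_similarity(QUERY, session):.2f}")
    print(compare_metrics(QUERY, TRAIN))
```

Every training session scores 1.0 under the set term, so a set-only kNN vote is settled by tie-breaking rather than by evidence, while the sequence term ranks the two reversed-order sessions first and the combined metric labels the query anomalous. This is the effect the abstract attributes to order of occurrence, shown on constructed data.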