Intrusion Detection System Using Sequence and Set Preserving Metric

  • Pradeep Kumar
  • M. Venkateswara Rao
  • P. Radha Krishna
  • Raju S. Bapi
  • Arijit Laha
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3495)

Abstract

Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. In this paper we investigate the use of sequences of system calls for classifying intrusions and faults induced by privileged processes in the Unix operating system. In our work we applied a sequence-data mining approach in the context of intrusion detection systems (IDS). This paper introduces a new similarity measure that considers both sequence and set similarity among sessions. Considering both the order of occurrences and the content of a session significantly enhances the capabilities of the kNN classifier, especially in the context of intrusion detection. From our experiments on the DARPA 1998 IDS dataset we infer that the order of occurrences plays a major role in determining the nature of the session. The objective of this work is to construct concise and accurate classifiers to detect anomalies based on sequence as well as set similarity.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Pradeep Kumar (1, 2)
  • M. Venkateswara Rao (1, 2)
  • P. Radha Krishna (1)
  • Raju S. Bapi (2)
  • Arijit Laha (1)

  1. Institute for Development and Research in Banking Technology, IDRBT, Hyderabad, India
  2. University of Hyderabad, Hyderabad, India