Signature-Based Approach for Intrusion Detection
This research presents a data mining technique for discovering masquerader intrusions. User/system access data are used as the basis for deriving statistically significant event patterns, which can be regarded as a user/system access signature. The signature-based approach employs a model discovery technique to derive a reference ground model that accounts for the user/system access data. A distinctive characteristic of this reference ground model is that it captures the statistical characteristics of the access signature, thus providing a basis for reasoning about the existence of a security intrusion by comparing the real-time access signature with the one embedded in the reference ground model. The effectiveness of this approach will be evaluated by comparative performance on a publicly available data set that contains user masquerades.
Keywords: Receiver Operating Characteristic, Receiver Operating Characteristic Curve, Intrusion Detection, Event Pattern, Association Pattern
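As an added illustration (not the paper's own code, which the abstract does not show), the sketch below mines bigram association patterns from a constructed command stream as a user's access signature, scores held-out sessions against that reference model, and computes ROC points for the self/masquerader decision. The choice of bigrams as event patterns and the thresholds min_count and min_lift are assumptions made for this example.

```python
from collections import Counter

# Constructed sample: one user's historical command stream (Schonlau-style
# audit data), used to learn that user's access signature.
TRAIN = "ls cat vi make gcc ls cat vi make gcc ls grep cat vi ls make gcc".split()

def event_patterns(cmds, min_count=2, min_lift=1.5):
    """Reference ground model: command bigrams that co-occur noticeably more
    often than independence predicts (lift) and reach a minimum count."""
    uni, bi = Counter(cmds), Counter(zip(cmds, cmds[1:]))
    n, n_bi = len(cmds), sum(bi.values())
    signature = {}
    for (a, b), c in bi.items():
        expected = (uni[a] / n) * (uni[b] / n) * n_bi  # count expected under independence
        if c >= min_count and c / expected >= min_lift:
            signature[(a, b)] = c / n_bi                # pattern support
    return signature

def self_score(cmds, signature):
    """Fraction of a session's bigrams explained by the signature (1.0 = self-like)."""
    bigrams = list(zip(cmds, cmds[1:]))
    return sum(bg in signature for bg in bigrams) / len(bigrams) if bigrams else 0.0

def roc_points(labelled):
    """labelled: [(score, is_masquerader)]. Raise an alarm when score <= t for
    each candidate threshold t; returns [(fpr, tpr)] for an ROC-style evaluation."""
    pos = sum(1 for _, m in labelled if m)
    neg = len(labelled) - pos
    points = []
    for t in sorted({s for s, _ in labelled}):
        tp = sum(1 for s, m in labelled if m and s <= t)
        fp = sum(1 for s, m in labelled if not m and s <= t)
        points.append((fp / neg, tp / pos))
    return points

if __name__ == "__main__":
    sig = event_patterns(TRAIN)
    # Constructed test sessions labelled self (False) / masquerader (True).
    sessions = [("ls cat vi make gcc ls cat", False), ("cat vi make gcc ls grep", False),
                ("ps netstat who ls cat vi", True), ("ps who ps who", True)]
    labelled = [(self_score(s.split(), sig), m) for s, m in sessions]
    print(sorted(sig), labelled, roc_points(labelled))
```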