
Applying Mining Fuzzy Association Rules to Intrusion Detection Based on Sequences of System Calls

Conference paper. In: Networking and Mobile Computing (ICCNMC 2005).

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 3619)


Abstract

Intrusion detection is an important technique for securing computer and information systems. S. Forrest and coworkers showed that short sequences of system calls are good signature descriptions for anomaly-based intrusion detection [10]. This paper extends their work by applying fuzzy association rule mining to intrusion detection. After giving a primary classification of system calls by threat level, with a classification identifier number for each class, we generate series of short sequences from sendmail trace data and transform them into a fuzzy representation. We then extract the Most Dangerous Sequences Database (MDSD) from the fuzzy data according to a specified threshold. On the MDSD we apply fuzzy association rule mining to decide whether each sequence is “normal” or “abnormal”. Prototype experimental results demonstrate that the proposed method is capable enough for intrusion detection.
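As an added, constructed illustration of the pipeline the abstract describes (not the paper's own code: its threat classification table, membership functions and threshold values are not given on this page, so the ones below are assumptions), the sketch builds Forrest-style short sequences from a small constructed trace, fuzzifies each sequence position by threat level, extracts an MDSD by threshold, and computes the fuzzy support and confidence of one candidate rule:

```python
"""Constructed pipeline: sliding-window system-call sequences -> per-position
fuzzy threat memberships -> MDSD extraction -> fuzzy support/confidence."""

# Constructed threat levels (0 = benign .. 3 = highly sensitive). Assumption:
# the paper's real classification of system calls is not on this page.
THREAT = {"read": 0, "write": 1, "open": 1, "close": 0, "stat": 0,
          "chmod": 2, "fork": 2, "setuid": 3, "execve": 3}

# Constructed sample trace standing in for a sendmail trace.
SAMPLE_TRACE = ["open", "read", "setuid", "execve", "close", "write", "fork", "chmod"]

def membership(level):
    """Triangular memberships of a threat level (0..3) in low/medium/high.
    The membership functions are an assumption, not the paper's."""
    return {"low": max(0.0, 1 - level / 1.5),
            "medium": max(0.0, 1 - abs(level - 1.5) / 1.5),
            "high": max(0.0, (level - 1.5) / 1.5)}

def short_sequences(trace, k=4):
    """Forrest-style sliding window of length k over a trace of call names."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def fuzzify(seq):
    """Fuzzy expression of one sequence: item (position, label) -> membership."""
    return {(i, lab): m for i, call in enumerate(seq)
            for lab, m in membership(THREAT.get(call, 0)).items()}

def extract_mdsd(seqs, threshold=0.5):
    """MDSD: fuzzified sequences whose strongest 'high' membership over any
    position reaches the threshold (threshold semantics are an assumption)."""
    mdsd = []
    for s in seqs:
        f = fuzzify(s)
        if max(f[(i, "high")] for i in range(len(s))) >= threshold:
            mdsd.append(f)
    return mdsd

def fuzzy_support(records, itemset):
    """Fuzzy support: mean over records of the min membership of the items."""
    if not records:
        return 0.0
    return sum(min(r[item] for item in itemset) for r in records) / len(records)

def fuzzy_confidence(records, antecedent, consequent):
    """Fuzzy confidence of antecedent -> consequent over the records."""
    sa = fuzzy_support(records, antecedent)
    return fuzzy_support(records, antecedent + consequent) / sa if sa else 0.0
```

With the constructed trace, four of the five windows enter the MDSD and the rule (position 0 high) -> (position 1 high) has support 0.25 and confidence 0.5; a real deployment would mine all frequent itemsets over the MDSD and compare new windows against the resulting rule set.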


References

  1. Lee, W., Stolfo, S.: Data Mining Approaches for Intrusion Detection. In: Proc. of the Seventh USENIX Security Symposium (January 1998)
  2. Liu, Z., Florez, G., Bridges, S.M.: A Comparison of Input Representations in Neural Networks: A Case Study in Intrusion Detection. In: International Joint Conference on Neural Networks (IJCNN), Honolulu, Hawaii (2002)
  3. Liu, Z., Bridges, S.M., Vaughn, R.B.: Classification of Anomalous Traces of Privileged and Parallel Programs by Neural Networks. In: Proceedings of the 12th IEEE International Conference on Fuzzy Systems (2003)
  4. Agrawal, R., Srikant, R.: Fast Algorithms for Mining Association Rules. In: 20th International Conference on Very Large Databases, Santiago, Chile (September 1994)
  5. Kuok, C., Fu, A., Wong, M.: Mining Fuzzy Association Rules in Databases. SIGMOD Record 17(1), 41–46
  6. Srikant, R., Agrawal, R.: Mining Quantitative Association Rules in Large Relational Tables. In: SIGMOD (1996)
  7. Dickerson, J.E., Juslin, J., Loulousoula, O., Dickerson, J.A.: Fuzzy Intrusion Detection. In: IFSA World Congress and 20th North American Fuzzy Information Processing Society (NAFIPS) International Conference (2001)
  8. Hai, J., Jianhua, S., Hao, C., Zongfen, H.: A Fuzzy Data Mining Based Intrusion Detection Model. In: Proceedings of the 10th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS 2004). IEEE, Los Alamitos (2004)
  9. Florez, G., Bridges, S.M., Vaughn, R.B.: An Improved Algorithm for Fuzzy Data Mining for Intrusion Detection. IEEE, Los Alamitos (2002)
  10. Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for UNIX Processes. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos (1996)
  11. Cabrera, J.B.D., Lewis, L., Mehra, R.K.: Detection and Classification of Intrusions Using System Calls. SIGMOD Record 30(4), 25–34 (2001)
  12. Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion Detection Using Sequences of System Calls. Journal of Computer Security (1998)
  13. Warrender, C., Forrest, S., Pearlmutter, B.: Detecting Intrusions Using System Calls: Alternative Data Models. IEEE Computer Society, Los Alamitos (1999)
  14. Ming, X., Chun, C., Jing, Y.: Anomaly Detection Based on System Call Classification. Journal of Software, China (2004)
  15. Lee, W., Stolfo, S., Chan, P.: Learning Patterns from UNIX Process Execution Traces for Intrusion Detection. In: AAAI Workshop: AI Approaches to Fraud Detection and Risk Management (July 1997)
  16. Verwoerd, T., Hunt, R.: Intrusion Detection Techniques and Approaches. Computer Communications 25(15) (September 15, 2002)
  17. Michael, C.C.: Finding the Vocabulary of Program Behavior Data for Anomaly Detection. In: Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 1 (2003)


© 2005 Springer-Verlag Berlin Heidelberg


Cite this paper

Zhang, G. (2005). Applying Mining Fuzzy Association Rules to Intrusion Detection Based on Sequences of System Calls. In: Lu, X., Zhao, W. (eds) Networking and Mobile Computing. ICCNMC 2005. Lecture Notes in Computer Science, vol 3619. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11534310_87


  • DOI: https://doi.org/10.1007/11534310_87

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28102-3

  • Online ISBN: 978-3-540-31868-2

  • eBook Packages: Computer Science, Computer Science (R0)
