Abstract
Intrusion detection is an important technique for computer and information systems. S. Forrest and coworkers showed that short sequences of system calls are good signature descriptions for anomaly-based intrusion detection [10]. This paper extends their work by applying fuzzy association rule mining to intrusion detection. After giving a primary classification of system calls based on threat level, with classification identifier numbers, we generate a series of short sequences from sendmail trace data and transform them into a fuzzy expression. We then extract the Most Dangerous Sequences Database (MDSD) from the fuzzy expression data according to a specific threshold. On the MDSD, we mine fuzzy association rules to decide whether each sequence is “normal” or “abnormal”. The prototype experimental results demonstrate that the proposed method provides sufficient capability for intrusion detection.
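The preprocessing steps the abstract lists (short sequences, threat-level scoring, fuzzy expression, threshold-based MDSD extraction) can be sketched as follows; this is an added example, not code from the paper, and it stops before the rule-mining stage. The abstract does not give the threat classification, membership functions, window length or threshold, so the `THREAT` table, the triangular memberships, `k=3`, `threshold=0.6` and both traces are assumptions constructed for illustration.

```python
# Constructed threat levels per system call (1 = low, 3 = high); an
# assumption for illustration, not the paper's classification table.
THREAT = {"read": 1, "close": 1, "stat": 1, "open": 2, "write": 2,
          "fork": 2, "execve": 3, "chmod": 3, "setuid": 3}

def windows(trace, k):
    """Forrest-style short sequences: every length-k sliding window."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def fuzzify(score):
    """Map a mean threat score in [1, 3] to triangular fuzzy memberships."""
    return {"low": max(0.0, min(1.0, 2.0 - score)),
            "medium": max(0.0, 1.0 - abs(score - 2.0)),
            "high": max(0.0, min(1.0, score - 2.0))}

def fuzzy_records(trace, k=3):
    """One record per window: the sequence plus its fuzzy threat expression."""
    records = []
    for seq in windows(trace, k):
        # Unknown calls get the highest level so they are never hidden.
        score = sum(THREAT.get(call, 3) for call in seq) / k
        records.append((seq, fuzzify(score)))
    return records

def extract_mdsd(trace, k=3, threshold=0.6):
    """Keep only sequences whose 'high' membership reaches the threshold."""
    return [seq for seq, mu in fuzzy_records(trace, k)
            if mu["high"] >= threshold]

# Constructed sample traces (not sendmail data).
NORMAL = ["open", "read", "read", "write", "close", "stat", "open", "close"]
SUSPECT = ["open", "read", "setuid", "chmod", "execve", "fork", "close"]

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, extract_mdsd(trace))
```

The surviving sequences are what a fuzzy association rule miner would then take as input; lowering the threshold widens that input at the cost of more benign sequences.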
References
Lee, W., Stolfo, S.: Data Mining Approaches for Intrusion Detection. In: Proc. The Seventh USENIX Security Symposium (January 1998)
Liu, Z., Florez, G., Bridges, S.M.: A Comparison Of Input Representations In Neural Networks: A Case Study in Intrusion Detection. In: International Joint Conference on Neural Networks (IJCNN), Honolulu, Hawaii (2002)
Liu, Z., Bridges, S.M., Vaughn, R.B.: Classification of Anomalous Traces of Privileged and Parallel Programs by Neural Networks. In: Proceeding of the 12th IEEE International Conference on Fuzzy Systems (2003)
Agrawal, R., Srikant, R.: Fast Algorithms for Mining Association Rules. In: 20th International Conference on Very Large Databases, Santiago, Chile (September 1994)
Kuok, C., Fu, A., Wong, M.: Mining Fuzzy Association Rules in Databases. SIGMOD Record 17(1), 41–46
Srikant, R., Agrawal, R.: Mining Quantitative Association Rules in Large Relational Tables. In: SIGMOD (1996)
Dickerson, J.E., Juslin, J., Loulousoula, O., Dickerson, J.A.: Fuzzy Intrusion Detection. In: IFSA World Congress and 20th North American Fuzzy Information Processing Society (NAFIPS) International Conference (2001)
Hai, J., Jianhua, S., Hao, C., Zongfen, H.: A Fuzzy Data Mining Based Intrusion Detection Model. In: Proceedings of the 10th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS 2004). IEEE, Los Alamitos (2004)
Florez, G., Bridges, S.M., Vaughn, R.B.: An Improved Algorithm for Fuzzy Data Mining for Intrusion Detection. IEEE, Los Alamitos (2002)
Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for UNIX Processes. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos (1996)
Cabrera, J.B.D., Lewis, L., Mehra, R.K.: Detection and Classification of Intrusions Using System Calls. SIGMOD RECORD 30(4), 25–34 (2001)
Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion Detection Using Sequences of System Calls. Journal of Computer Security (1998)
Warrender, C., Forrest, S., Pearlmutter, B.: Detecting Intrusions Using System Calls: Alternative Data Models. IEEE Computer Society, Los Alamitos (1999)
Ming, X., Chun, C., Jing, Y.: Anomaly Detection Based on System Call Classification. Journal of Software, China (2004)
Lee, W., Stolfo, S., Chan, P.: Learning Patterns from UNIX Process Execution Traces for Intrusion Detection. In: AAAI Workshop: AI Approaches to Fraud Detection and Risk Management (July 1997)
Verwoerd, T., Hunt, R.: Intrusion Detection Techniques and Approaches. Computer Communications 25(15) (September 15, 2002)
Michael, C.C.: Finding the Vocabulary of Program Behavior Data for Anomaly Detection. In: Proceeding of DARPA Information Survivability Conference and Exposition, vol. 1 (2003)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, G. (2005). Applying Mining Fuzzy Association Rules to Intrusion Detection Based on Sequences of System Calls. In: Lu, X., Zhao, W. (eds) Networking and Mobile Computing. ICCNMC 2005. Lecture Notes in Computer Science, vol 3619. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11534310_87
DOI: https://doi.org/10.1007/11534310_87
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28102-3
Online ISBN: 978-3-540-31868-2
eBook Packages: Computer Science, Computer Science (R0)