A Novel Intrusion Detection Method Based on Principle Component Analysis in Computer Security

  • Conference paper
Advances in Neural Networks - ISNN 2004 (ISNN 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3174)

Abstract

Intrusion detection is an important technique in the defense-in-depth network security framework and has been a hot topic in computer security in recent years. In this paper, a new intrusion detection method based on Principal Component Analysis (PCA) with low overhead and high efficiency is presented. System call data and command sequence data are used as information sources to validate the proposed method. The frequencies of individual system calls in a trace and of individual commands in a data block are computed, and data column vectors representing the traces and blocks are then formed as data input. PCA is applied to reduce the dimensionality of the data vectors, and the distance between a vector and its projection onto the reduced subspace is used for anomaly detection. Experimental results show that the proposed method is promising in terms of detection accuracy, computational expense and implementation for real-time intrusion detection.

The research in this paper was supported in part by the National Outstanding Young Investigator Grant (6970025), National Natural Science Foundation (60243001) and 863 High Tech Development Plan (2001AA140213) of China.
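The scoring step the abstract describes (frequency vectors, PCA, distance from a vector to its projection onto the reduced subspace) is sketched below as an added example; it is not the authors' code. The system call vocabulary, the traces, the choice of two components and the use of power iteration to find the principal directions are all assumptions made for illustration.

```python
import math

VOCAB = ["open", "read", "write", "close", "mmap", "execve"]  # constructed vocabulary

def freq_vector(trace, vocab=VOCAB):
    """Relative frequency of each system call in one trace."""
    return [trace.count(s) / len(trace) for s in vocab]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def fit_pca(X, k, iters=200):
    """Return (mean, components): up to k principal directions of the rows of X."""
    m, d = len(X), len(X[0])
    mean = [sum(row[j] for row in X) / m for j in range(d)]
    cen = [[row[j] - mean[j] for j in range(d)] for row in X]
    cov = [[sum(c[i] * c[j] for c in cen) / m for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0 + i for i in range(d)]            # deterministic start vector
        for _step in range(iters):                 # power iteration on the covariance
            w = [dot(row, v) for row in cov]
            for u in comps:                        # stay orthogonal to earlier components
                p = dot(w, u)
                w = [wi - p * ui for wi, ui in zip(w, u)]
            norm = math.sqrt(dot(w, w))
            if norm < 1e-12:                       # no variance left: drop this component
                break
            v = [wi / norm for wi in w]
        else:
            comps.append(v)
    return mean, comps

def anomaly_score(x, mean, comps):
    """Euclidean distance between x and its projection onto the PCA subspace."""
    c = [xi - mi for xi, mi in zip(x, mean)]
    r = list(c)
    for u in comps:
        p = dot(c, u)
        r = [ri - p * ui for ri, ui in zip(r, u)]
    return math.sqrt(dot(r, r))

def normal_trace(r, w):
    """Constructed 'normal' trace: one open/mmap/close, r reads and w writes."""
    return ["open"] + ["read"] * r + ["write"] * w + ["mmap", "close"]

# Constructed training set of normal traces only (no execve observed).
PAIRS = [(8, 2), (6, 4), (5, 5), (4, 6), (2, 8), (10, 5), (5, 10), (12, 3)]
MEAN, COMPS = fit_pca([freq_vector(normal_trace(r, w)) for r, w in PAIRS], k=2)

def score_trace(trace):
    return anomaly_score(freq_vector(trace), MEAN, COMPS)
```

A trace is flagged when its score exceeds a threshold; this page does not give the paper's threshold, so one would have to be chosen from the scores of held-out normal traces.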



© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, W., Guan, X., Zhang, X. (2004). A Novel Intrusion Detection Method Based on Principle Component Analysis in Computer Security. In: Yin, FL., Wang, J., Guo, C. (eds) Advances in Neural Networks - ISNN 2004. ISNN 2004. Lecture Notes in Computer Science, vol 3174. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-28648-6_105


  • DOI: https://doi.org/10.1007/978-3-540-28648-6_105

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22843-1

  • Online ISBN: 978-3-540-28648-6

  • eBook Packages: Springer Book Archive
