Abstract

Computer intrusions are taking place everywhere, and have become a major concern for information security. Most intrusions to a computer system may result from illegitimate or irregular calls to the operating system, so analyzing the system-call sequences becomes an important and fundamental technique to detect potential intrusions. This paper proposes two models based on data mining technology, respectively called frequency patterns (FP) and tree patterns (TP) for intrusion detection. FP employs a typical method of sequential mining based on frequency analysis, and uses a short sequence model to find out quickly frequent sequential patterns in the training system-call sequences. TP makes use of the technique of tree pattern mining, and can get a quality profile from the training system-call sequences of a given system. Experimental results show that FP has good performances in training and detecting intrusions from short system-call sequences, and TP can achieve a high detection precision in han...
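The abstract describes FP as mining frequent short system-call sequences from training traces and using them as a profile for detection. The following is an added illustration of that idea, not code from the paper: it slides a fixed-length window over constructed training traces, keeps the windows whose support reaches a minimum count as the "frequent pattern" profile, and scores a new trace by the fraction of its windows that the profile has never seen. The window length, the support threshold, the alert threshold and the traces themselves are all assumptions chosen for the example; the paper's exact mining procedure is not given on this page.

```python
from collections import Counter
from typing import Dict, List, Sequence, Tuple

Pattern = Tuple[str, ...]

# Constructed training traces (system-call names) for a hypothetical service.
# These are sample data for the example, not traces from the paper's experiments.
TRAINING_TRACES: List[List[str]] = [
    ["open", "read", "mmap", "close", "write", "exit"],
    ["open", "read", "mmap", "close", "write", "exit"],
    ["open", "read", "read", "mmap", "close", "exit"],
]


def windows(trace: Sequence[str], k: int) -> List[Pattern]:
    """Short sequence model: every contiguous k-gram of the trace, in order."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_profile(traces: Sequence[Sequence[str]], k: int,
                  min_support: int) -> Dict[Pattern, float]:
    """Frequency analysis over all k-grams in the training traces.

    Returns the patterns whose raw count reaches min_support, mapped to their
    relative frequency among all training windows (the 'frequent patterns').
    """
    counts: Counter = Counter()
    for trace in traces:
        counts.update(windows(trace, k))
    total = sum(counts.values())
    return {pat: cnt / total for pat, cnt in counts.items() if cnt >= min_support}


def score_trace(trace: Sequence[str], profile: Dict[Pattern, float],
                k: int) -> float:
    """Anomaly score: fraction of the trace's k-grams absent from the profile.

    A trace shorter than k yields no windows and scores 0.0 (nothing to judge).
    """
    wins = windows(trace, k)
    if not wins:
        return 0.0
    unseen = sum(1 for w in wins if w not in profile)
    return unseen / len(wins)


def is_anomalous(trace: Sequence[str], profile: Dict[Pattern, float],
                 k: int, threshold: float) -> bool:
    """Raise an alert when the share of unseen windows exceeds the threshold."""
    return score_trace(trace, profile, k) > threshold


if __name__ == "__main__":
    K, MIN_SUPPORT, ALERT = 3, 2, 0.5          # assumed parameters
    profile = build_profile(TRAINING_TRACES, K, MIN_SUPPORT)
    for pat, freq in sorted(profile.items()):
        print(f"{' '.join(pat):24s} freq={freq:.3f}")
    normal = ["open", "read", "mmap", "close", "write", "exit"]
    odd = ["open", "read", "mmap", "execve", "close", "exit"]   # constructed
    for t in (normal, odd):
        print(" ".join(t), "->", f"{score_trace(t, profile, K):.2f}",
              "ALERT" if is_anomalous(t, profile, K, ALERT) else "ok")
```

With k = 3 and a minimum support of 2, the three training traces yield four frequent patterns; the second test trace shares only its first window with the profile, so three of its four windows are unseen and it scores 0.75. Lowering min_support admits rarer training windows into the profile and reduces false positives at the cost of admitting more behaviour as normal; the paper's point that FP trains and detects quickly follows from the profile being a plain hash lookup per window.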

Highlights

  • Computer systems often suffer from a certain level of security flaws, which provide chances for intruders to attack computers for various purposes

  • The main advantage of misuse detection is that it can quickly determine known intrusive activities, but its biggest problem is that it cannot discover any unknown attacks beyond the defined signatures, and so it may generate false negatives, which are riskier than false positives in harming the system

  • DARPA [11,12] has conducted several evaluations on the state of the art in intrusion detection systems. These results showed that even the best intrusion detection systems had detection rates below 70%, that is, the best intrusion detection systems could correctly identify at most 70% of the attack incidents in their computer systems


Summary

Introduction

Computer systems often suffer from a certain level of security flaws, which provide chances for intruders to attack computers for various purposes. Misuse detection, also known as signature detection, requires prior knowledge of possible attack patterns (or signatures) to match future intrusions. Both technologies have their own advantages and disadvantages. Most of the research systems in the DARPA evaluations were leading commercial products that mainly employ misuse detection techniques. These systems were often not very effective for detecting new attacks, and their improvement is often too slow to keep pace with sophisticated attackers who constantly develop new attack types. As a key technique in the defense against novel attacks, anomaly detection has received more attention in the research and development of intrusion detection.

Related work
Our contributions
The Short Sequence Model
Frequency Patterns for Anomaly Detection
Tree Patterns for Anomaly Detection
Experimental Evaluations
Findings
Conclusion