Abstract

A number of studies have applied data mining techniques to intrusion detection. However, most of them have focused mainly on intrusion detection systems in the network area, and the host area has been addressed only briefly, by applying a certain data mining technique to host-based intrusion detection. In this paper, we propose the architecture of a host-based intrusion detection model generation system. It creates candidate models by applying various popular existing data mining techniques and one new technique (sC4.5) to a process behavior data set whose feature is the frequency of each system call, evaluates the candidate models, and then selects the most appropriate model according to user requirements. The frequency feature per system call is simpler to apply as an intrusion detection model than the existing system call sequence feature. We also propose sC4.5, a decision tree classification algorithm that complements the existing C4.5 algorithm. sC4.5 preserves classification accuracy like C4.5 and makes the decision tree smaller than C4.5.
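The pipeline the abstract outlines (per-system-call frequency features, several candidate models, selection by user requirement), as an added sketch that is not the paper's code and does not implement C4.5 or sC4.5. The traces, the two stand-in learners (a depth-1 decision stump and a nearest-centroid classifier) and the selection rule "smallest model that meets an accuracy floor" are assumptions made for illustration.

```python
from collections import Counter
# Constructed sample data: (label, ordered system calls of one process run).
TRAIN = [
    ("normal", ["open", "read", "read", "write", "close"]),
    ("normal", ["open", "read", "write", "write", "close"]),
    ("intrusion", ["open", "read", "execve", "socket", "connect"]),
    ("intrusion", ["open", "execve", "execve", "socket", "write"]),
]
TEST = [
    ("normal", ["open", "read", "close"]),
    ("intrusion", ["read", "execve", "socket", "connect", "close"]),
]
VOCAB = sorted({c for _, calls in TRAIN + TEST for c in calls})

def frequency_vector(calls):
    """One count per system call; call order is discarded."""
    counts = Counter(calls)
    return [counts[name] for name in VOCAB]

def train_stump(rows):
    """Candidate 1 (assumed): one threshold on one syscall count."""
    best = None
    for i in range(len(VOCAB)):
        for t in sorted({x[i] for _, x in rows}):
            predict = lambda x, i=i, t=t: "intrusion" if x[i] > t else "normal"
            hits = sum(predict(x) == y for y, x in rows)
            if best is None or hits > best[0]:
                best = (hits, predict)
    return {"name": "stump", "size": 1, "predict": best[1]}

def train_centroid(rows):
    """Candidate 2 (assumed): nearest class centroid over all counts."""
    cents = {}
    for label in {y for y, _ in rows}:
        xs = [x for y, x in rows if y == label]
        cents[label] = [sum(col) / len(xs) for col in zip(*xs)]
    dist = lambda a, b: sum((p - q) ** 2 for p, q in zip(a, b))
    predict = lambda x: min(sorted(cents), key=lambda l: dist(x, cents[l]))
    return {"name": "centroid", "size": len(VOCAB), "predict": predict}

def accuracy(model, rows):
    return sum(model["predict"](x) == y for y, x in rows) / len(rows)

def select_model(min_accuracy):
    """Smallest candidate that meets the user's accuracy requirement."""
    vec = lambda rows: [(y, frequency_vector(c)) for y, c in rows]
    models = (train_stump(vec(TRAIN)), train_centroid(vec(TRAIN)))
    ok = [m for m in models if accuracy(m, vec(TEST)) >= min_accuracy]
    return min(ok, key=lambda m: m["size"])["name"] if ok else None
```

Because the feature vector has one fixed column per system call, two runs that issue the same calls in a different order map to the same vector, which is what makes it simpler than a sequence feature.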
