Detecting network intrusions by data mining and variable-length sequence pattern matching
Tian Xinguang (1,2); Duan Miyi (1,2); Sun Chunlai; Liu Xin
Journal: JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS
Date: 2009-04-01
Volume 20, Issue 2, Pages 405-411
Keywords: intrusion detection; anomaly detection; system call; data mining; variable-length pattern
ISSN: 1004-4132
Abstract (English): Anomaly detection has been an active research topic in the field of network intrusion detection for many years. A novel method is presented for anomaly detection based on system calls into the kernels of Unix or Linux systems. The method uses the data mining technique to model the normal behavior of a privileged program and uses a variable-length pattern matching algorithm to perform the comparison of the current behavior and historic normal behavior, which is more suitable for this problem than the fixed-length pattern matching algorithm proposed by Forrest et al. At the detection stage, the particularity of the audit data is taken into account, and two alternative schemes could be used to distinguish between normalities and intrusions. The method gives attention to both computational efficiency and detection accuracy and is especially applicable for on-line detection. The performance of the method is evaluated using the typical testing data set, and the results show that it is significantly better than the anomaly detection method based on hidden Markov models proposed by Yan et al. and the method based on fixed-length patterns proposed by Forrest and Hofmeyr. The novel method has been applied to practical host-based intrusion detection systems and achieved high detection performance.
Funding: National Grand Fundamental Research 973 Program of China [2004CB318109]; National High-Technology Research and Development Plan of China [2006AA01Z452]; National Information Security 242 Program of China [2005C39]
WOS research areas: Automation & Control Systems; Engineering; Operations Research & Management Science
Language: English
Publisher: SYSTEMS ENGINEERING & ELECTRONICS, EDITORIAL DEPT
WOS accession number: WOS:000266439400028
Content type: journal article
Source URL: http://119.78.100.204/handle/2XEOYT63/11891
Collection: Institute of Computing Technology, Chinese Academy of Sciences, journal papers (English)
Corresponding author: Tian Xinguang
Author affiliations: 1. Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China
2. Beijing Jiaotong Univ, Inst Comp Technol, Beijing 100029, Peoples R China
Recommended citation
GB/T 7714: Tian Xinguang, Duan Miyi, Sun Chunlai, et al. Detecting network intrusions by data mining and variable-length sequence pattern matching[J]. JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS, 2009, 20(2): 405-411.
APA: Tian Xinguang, Duan Miyi, Sun Chunlai, & Liu Xin. (2009). Detecting network intrusions by data mining and variable-length sequence pattern matching. JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS, 20(2), 405-411.
MLA: Tian Xinguang, et al. "Detecting network intrusions by data mining and variable-length sequence pattern matching". JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS 20.2 (2009): 405-411.