Title :
A new intrusion detection method based on behavioral model
Author :
Yin, Qingbo ; Shen, Liran ; Zhang, Rubo ; Li, Xueyao
Author_Institution :
Coll. of Comput. Sci. & Technol., Harbin Eng. Univ., China
Abstract :
Intrusion detection has emerged as an important approach to network security. A new method for anomaly intrusion detection is proposed, based on linear prediction and a Markov chain model. Linear prediction is employed to extract features from the system call sequences of privileged processes; these features make up the character database of those processes, and the Markov chain model is then built on those features. The observed behavior of the system is analyzed to infer the probability that the Markov chain model of the norm profile supports the observed behavior. A low probability of support indicates anomalous behavior that may result from intrusive activities. The experiments show that this method is effective and efficient, and can be used in practice to monitor the computer system in real time.
Keywords :
Markov processes; computer networks; security of data; Markov chain model; behavioral model; character database; computer system monitoring; feature extraction; intrusion detection; linear prediction model; network security; Computer science; Computer security; Computerized monitoring; Data security; Electronic mail; Feature extraction; Handwriting recognition; Intrusion detection; Predictive models; Spatial databases;
Conference_Title :
Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on
Print_ISBN :
0-7803-8273-0
DOI :
10.1109/WCICA.2004.1342339