DocumentCode :
2461192
Title :
Intrusion detection. Applying machine learning to Solaris audit data
Author :
Endler, David
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Tulane Univ., New Orleans, LA, USA
fYear :
1998
fDate :
7-11 Dec 1998
Firstpage :
268
Lastpage :
279
Abstract :
An intrusion detection system (IDS) seeks to identify unauthorized access to computer systems' resources and data. The most common analysis tool that these modern systems apply is the operating system audit trail that provides a fingerprint of system events over time. In this research, the Basic Security Module auditing tool of Sun's Solaris operating environment was used in both an anomaly and misuse detection approach. The anomaly detector consisted of the statistical likelihood analysis of system calls, while the misuse detector was built with a neural network trained on groupings of system calls. This research demonstrates the potential benefits of combining both aspects of detection in future IDSs to decrease false positive and false negative errors.
Keywords :
auditing; computer crime; learning (artificial intelligence); neural nets; operating systems (computers); statistical analysis; system monitoring; Basic Security Module; Sun Solaris operating environment; anomaly detection; audit data; computer system data; computer system resources; false negative errors; false positive errors; intrusion detection system; machine learning; misuse detection; neural network training; operating system audit trail; statistical likelihood analysis; system calls; system events; unauthorized access identification; Computer errors; Data security; Detectors; Humans; Information security; Intrusion detection; Machine learning; Neural networks; Operating systems; Sun;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Applications Conference, 1998. Proceedings. 14th Annual
Conference_Location :
Phoenix, AZ
ISSN :
1063-9527
Print_ISBN :
0-8186-8789-4
Type :
conf
DOI :
10.1109/CSAC.1998.738647
Filename :
738647