DocumentCode :
2479666
Title :
Intrusion detection based on the short sequence model
Author :
Mao, Guojun ; Zhang, Jing ; Wu, Xindong
Author_Institution :
Sch. of Comput. Sci., Beijing Univ. of Technol., Beijing
fYear :
2008
fDate :
25-27 June 2008
Firstpage :
1449
Lastpage :
1454
Abstract :
Computer intrusions are taking place everywhere, and have become a major concern for information security. Most intrusions into a computer system may result from illegitimate or irregular calls to the operating system, so analyzing system-call sequences becomes an important and fundamental technique for detecting potential intrusions. In this paper, we propose two algorithms for intrusion detection, based on frequency patterns (FP) and tree patterns (TP) respectively. FP employs a typical method of sequential mining based on frequency analysis, and uses a short sequence model to quickly find frequent sequential patterns in the training system-call sequences. TP makes use of the technique of tree pattern mining, and can obtain a quality profile from the training system-call sequences of a given system. Experimental results show that FP performs well in training and in detecting intrusions from short system-call sequences, and TP can achieve a high detection precision in handling long sequences.
Keywords :
data mining; security of data; FP; TP; computer intrusions; computer system; frequency patterns; information security; intrusion detection; operating system; sequential mining; short sequence model; system-call sequences; tree patterns; Aquaculture; Automation; Computer science; Data mining; Frequency; Hidden Markov models; Information security; Intelligent control; Intrusion detection; Operating systems; Frequency pattern (FP); Information security; Intrusion Detection; System-call sequence; Tree pattern (TP);
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Intelligent Control and Automation, 2008. WCICA 2008. 7th World Congress on
Conference_Location :
Chongqing
Print_ISBN :
978-1-4244-2113-8
Electronic_ISBN :
978-1-4244-2114-5
Type :
conf
DOI :
10.1109/WCICA.2008.4593135
Filename :
4593135