Title :
Suppressing false alarms of intrusion detection using improved text categorization method
Author :
Zhang, Zonghua ; Shen, Hong
Author_Institution :
Graduate Sch. of Inf. Sci., Japan Adv. Inst. of Sci. & Technol., Ishikawa, Japan
Abstract :
Although some text processing techniques can be applied to intrusion detection based on the characterization of the frequencies of the system calls executed by privileged programs, and achieve satisfactory detection accuracy, their high false alarm rates make them hardly practicable in real life. We modify the traditional tf-idf weighting method to suppress false alarms by taking into account the necessary information between processes and sessions. Preliminary experiments with the 1998 DARPA BSM audit data show that our modified method suppresses the high false alarm rate effectively while maintaining satisfactory detection accuracy, which thus makes text categorization approaches more practicable for intrusion detection.
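The setting the abstract describes (a process's system-call trace as a "document", system calls as "terms", tf-idf weights feeding a classifier) can be made concrete with the added example below. It is illustrative code written for this page, not the authors' implementation, and the audit traces it uses are constructed, not taken from the DARPA BSM corpus. The abstract does not spell out the modified weighting, so the session-level variant here (idf computed over sessions rather than over processes, so that a call present in every session is discounted even when it is rare among individual processes) is an assumption chosen to show the kind of adjustment the abstract refers to, not the paper's formula.

```python
"""tf-idf over system-call traces: process-level and an illustrative session-level variant."""
import math
from collections import Counter

# Constructed sample (not from the paper or the DARPA BSM data):
# session id -> process id -> ordered list of system calls the process executed.
SESSIONS = {
    "sess-1": {
        "ftpd-101": ["open", "read", "write", "close", "stat"],
        "ftpd-102": ["open", "read", "read", "write", "close"],
    },
    "sess-2": {
        "ftpd-201": ["open", "read", "write", "close", "stat"],
    },
    "sess-3": {
        # a privilege-gaining trace, constructed for illustration only
        "eject-301": ["open", "read", "execve", "setuid", "chmod"],
    },
}


def flatten(sessions):
    """Drop session boundaries: one document per process."""
    return {pid: calls for procs in sessions.values() for pid, calls in procs.items()}


def doc_freq(docs):
    """Number of documents in which each system call occurs at least once."""
    df = Counter()
    for calls in docs.values():
        df.update(set(calls))
    return df


def process_tfidf(sessions):
    """Classic tf-idf with the process trace as the document: tf * log(N / df)."""
    docs = flatten(sessions)
    n = len(docs)
    df = doc_freq(docs)
    return {
        pid: {c: tf * math.log(n / df[c]) for c, tf in Counter(calls).items()}
        for pid, calls in docs.items()
    }


def session_tfidf(sessions):
    """Assumed session-aware variant (not the paper's exact formula): the idf term is
    taken over sessions, so a call seen in every session gets weight zero even if it
    is rare among individual processes, which damps alarms on session-wide benign calls."""
    s = len(sessions)
    sf = Counter()
    for procs in sessions.values():
        sf.update({c for calls in procs.values() for c in calls})
    out = {}
    for procs in sessions.values():
        for pid, calls in procs.items():
            out[pid] = {c: tf * math.log(s / sf[c]) for c, tf in Counter(calls).items()}
    return out


def cosine(a, b):
    """Cosine similarity of two sparse weight vectors (0.0 if either is all-zero)."""
    dot = sum(w * b.get(c, 0.0) for c, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def anomaly_score(vectors, pid, normal_pids):
    """1 - (max cosine similarity to any known-normal process); 1.0 means no overlap."""
    return 1.0 - max(cosine(vectors[pid], vectors[n]) for n in normal_pids)


if __name__ == "__main__":
    pv = process_tfidf(SESSIONS)
    sv = session_tfidf(SESSIONS)
    for pid in pv:
        print(pid, "process-level:", round(anomaly_score(pv, pid, ["ftpd-101"]), 3),
              "session-level:", round(anomaly_score(sv, pid, ["ftpd-101"]), 3))
```

With the constructed traces, `open` and `read` occur in every process and every session and so get weight zero under both schemes, while `execve`, `setuid` and `chmod` occur only in `eject-301` and dominate its vector; a real classifier (the keywords mention support vector machines) would consume these vectors instead of the simple nearest-normal cosine score used here.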
Keywords :
security of data; text analysis; DARPA BSM audit data; false alarm suppression; intrusion detection; privileged programs; satisfactory detection accuracy; support vector machines; system calls; text categorization method; tf-idf weighting method; Data mining; Electronic mail; Frequency; Information analysis; Information science; Intrusion detection; Machine learning; Pattern recognition; Text categorization; Text processing;
Conference_Titel :
e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004 IEEE International Conference on
Print_ISBN :
0-7695-2073-1
DOI :
10.1109/EEE.2004.1287303