Title :
Anomaly intrusion detection method based on Rough Set Theory
Author :
Li, Yong-zhong ; Zhao, Bo ; Xu, Jing ; Yang, Ge
Author_Institution :
Sch. of Electrics & Inf., Jiangsu Univ. of Sci. & Technol., Zhenjiang
Abstract :
Rough set theory has been widely used in pattern recognition. In this paper, rough set theory is applied to intrusion detection. An effective rough-set-based method for anomaly intrusion detection with low overhead and high efficiency is presented. The method uses rough set theory to extract a minimal-size set of detection rules, serving as the normal behavior model, from the system call sequences generated during the normal execution of a process. It is capable of detecting the abnormal operating status of a process and thus reporting a possible intrusion. Compared with other methods, this method requires a smaller training data set and less effort to collect training data, and is more suitable for real-time detection. Experimental results show that this method is promising in terms of detection accuracy and efficiency.
Keywords :
rough set theory; security of data; anomaly intrusion detection method; pattern recognition; rough set theory; system call sequences; Databases; Hidden Markov models; Information analysis; Intrusion detection; Machine learning; Pattern analysis; Pattern recognition; Set theory; Training data; Wavelet analysis; Anomaly detection; Intrusion detection; Rough sets;
Conference_Title :
Wavelet Analysis and Pattern Recognition, 2008. ICWAPR '08. International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4244-2238-8
Electronic_ISBN :
978-1-4244-2239-5
DOI :
10.1109/ICWAPR.2008.4635880