DocumentCode
2989149
Title
Anomaly intrusion detection method based on Rough Set Theory
Author
Li, Yong-zhong ; Zhao, Bo ; Xu, Jing ; Yang, Ge
Author_Institution
Sch. of Electrics & Inf., Jiangsu Univ. of Sci. & Technol., Zhenjiang
Volume
2
fYear
2008
fDate
30-31 Aug. 2008
Firstpage
764
Lastpage
770
Abstract
Rough Set Theory has been widely used in pattern recognition. In this paper, rough set theory is applied to intrusion detection. An effective rough-set-based method for anomaly intrusion detection with low overhead and high efficiency is presented. The method uses Rough Set Theory to extract a set of detection rules of minimal size, serving as the normal behavior model, from the system call sequences generated during the normal execution of a process. It is capable of detecting the abnormal operating status of a process and thus reporting a possible intrusion. Compared with other methods, this method requires a smaller training data set and less effort to collect training data, and is more suitable for real-time detection. Experimental results show that this method is promising in terms of detection accuracy and efficiency.
Keywords
rough set theory; security of data; anomaly intrusion detection method; pattern recognition; rough set theory; system call sequences; Databases; Hidden Markov models; Information analysis; Intrusion detection; Machine learning; Pattern analysis; Pattern recognition; Set theory; Training data; Wavelet analysis; Anomaly detection; Intrusion detection; Rough sets;
fLanguage
English
Publisher
IEEE
Conference_Titel
Wavelet Analysis and Pattern Recognition, 2008. ICWAPR '08. International Conference on
Conference_Location
Hong Kong
Print_ISBN
978-1-4244-2238-8
Electronic_ISBN
978-1-4244-2239-5
Type
conf
DOI
10.1109/ICWAPR.2008.4635880
Filename
4635880