Intrusion Detection based on Distance Combination
Authors: Joffroy Beauquier, Yongjie Hu
Abstract:
The intrusion detection problem has been frequently studied, but intrusion detection methods are often based on a single point of view, which always limits the results. In this paper, we introduce a new intrusion detection model based on the combination of different current methods. First we use a notion of distance to unify the different methods. Second we combine these methods using the Pearson correlation coefficients, which measure the relationship between two methods, and we obtain a combined distance. If the combined distance is greater than a predetermined threshold, an intrusion is detected. We have implemented and tested the combination model with two different public data sets: the data set of masquerade detection collected by Schonlau & al., and the data set of program behaviors from the University of New Mexico. The results of the experiments prove that the combination model has better performances.
Keywords: Intrusion detection, combination, distance, Pearson correlation coefficients.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1081073
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1802References:
[1] S. Couil, J. Branche, and B. Szymanski, "Intrusion Detection: A Bioinformatics Approach," in Proc. 19th Annu. Computer Security Applications Conf, Las Vegas, Nevada, Dec. 2003.
[2] K. Christopher, V. Giovanni, "Anomaly detection of web-based attacks," in Proc. 10th ACM Conf. Computer and Communications Security, Wanshington D.C., USA, Oct. 2003. ACM Press New York, NY, USA.
[3] S. Forrest, S. Hofmeyr, A. Somayaji, T. Longstaff, "A sense of Self For Unix Processes," in Proc. 1996 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 1996, pp.120-128. IEEE Computer Society Press, Los Alamitos, California.
[4] S. Freeman, "Host-based Intrusion Detection Using signatures," in Graduate Research Conf. Troy, NY, 2002.
[5] H.S. Javitz, A. Valdes, "The SRI IDES statistical anomaly detector," in Proc. 1996 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 1991, pp.316-326. IEEE Computer Society Press, Los Alamitos, California.
[6] W. Lee, S.J. Stolfo, " A framework for constructing features and models for intrusion detection systems," ACM Trans. Information and system security, vol.3, no. 4 , 2000, pp.227-261.
[7] W. Lee, S.J. Stolfo, "Data Mining Approaches for Intrusion Detection," in Proc. 7th USENIX Security Symposium, San Antonio, Texas, January 1998, pp.26-29.
[8] D.E. Denning, "An intrusion-detection model," IEEE Trans. Software Engineering, vol.13, no. 2 , Feb. 1987, pp. 222-232.
[9] R. Maxion, T. Townsend, "Masquerade Detection Using Truncated Command Lines," in Int. conf. on Dependable Systems and Networks, Washington, D.C., American, June 2002 pp. 219-228. IEEE Computer Society Press, Los Alamitos, California.
[10] D. Gao, M. K. Retier, D. Song, "Behavioral distance measurement using hidden markov models", In Conf. Recent Advanced in Intrusion Detection (RAID), Hamburg, Germany, Sep. 2006, pp.19-40.
[11] S. Rubin, S. Jha, B. Miller, "Automatic generation and analysis of NIDS attacks," in proc. 20th Annu. Computer security applications conf. Tucson, AZ, USA, Dec 2004, pp 28-38. IEEE Computer society 2004.
[12] M.Schonlau, W.DuMouchel, "Computer Intrusion: Detecting Masquerades," J. Statistical Science, vol.16, no.1, Feb 2001, pp. 58-74.
[13] M. Srinivas, H.S. Andrew, A. Ajith, "Intrusion detection using an ensemble of intelligent paradigms," J. nerwork and computer applications, vol 28, 2005, pp. 167-182.
[14] A. Steven, S. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion Detection using sequences of system calls," J. Computer Security, vol. 6, no. 3 1998, pp. 151-180.
[15] C. Warrender, S. Forrest, B. Pearlmutter, "Detecting intrusions using system calls: alternative data models," In Proce. 1999 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 1999, pp.133-145. IEEE Computer Society Press, Los Alamitos, California.
[16] W. Fan, S. Stolfo, "Ensemble-based adaptive intrusion detection", In Proc. SIAM Inter. Conf. Data minging 2002.
[17] F. Gianluigi, P. Clara, S. Giandomenico, "GP ensemble for distributed intrusion detection systems", Pattern Recognition and Data Mining, vol 3868, pp.54-62, Sep. 2005.
[18] G.Giacinto, F. Roli, "Intrusion detection in computer networks by multiple classifer systems", In Proc. 16th Inter. Conf Pattern recognition., Quebec, Canada, 2002, pp.390-393.