
{"title":"Intrusion Detection based on Distance Combination","authors":"Joffroy Beauquier, Yongjie Hu","volume":7,"journal":"International Journal of Computer and Information Engineering","pagesStart":1953,"pagesEnd":1962,"ISSN":"1307-6892","URL":"https:\/\/publications.waset.org\/pdf\/13410","abstract":"<p>The intrusion detection problem has been frequently studied, but intrusion detection methods are often based on a single point of view, which always limits the results. In this paper, we introduce a new intrusion detection model based on the combination of different current methods. First we use a notion of distance to unify the different methods. Second we combine these methods using the Pearson correlation coefficients, which measure the relationship between two methods, and we obtain a combined distance. If the combined distance is greater than a predetermined threshold, an intrusion is detected. We have implemented and tested the combination model with two different public data sets: the data set of masquerade detection collected by Schonlau &amp; al., and the data set of program behaviors from the University of New Mexico. The results of the experiments prove that the combination model has better performances.<\/p>\r\n","publisher":"World Academy of Science, Engineering and Technology","index":"Open Science Index 7, 2007"}