Anomaly detection of user behavior based on shell commands and homogeneous Markov chains

	Anomaly detection of user behavior based on shell commands and homogeneous Markov chains
	Xinguang, Tian 1,2; Miyi, Duan 1,2; Wenfa, Li 1; Chunlai, Sun 2
	2008-04-01
发表期刊	CHINESE JOURNAL OF ELECTRONICS
ISSN	1022-4653
卷号	17 期号:2 页码:231-236
摘要	Behavior-based intrusion detection is currently an active research topic in the field of network security. This paper proposes a novel method for anomaly detection of user behavior, which is applicable to host-based intrusion detection systems using shell commands as audit data. The method employs a one-order homogeneous Markov chain model to characterize the normal behavior profile of a network user, and associates the states of the Markov chain with specific shell commands in the training data. The parameters of the Markov chain are estimated by a command matching algorithm which is computationally efficient. At the detection stage, the occurrence probabilities of the state sequences are firstly computed, and then two alternative schemes could be used to distinguish between normal and anomalous behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for online detection. Our study empirically demonstrated the promising performance of the method.
关键词	intrusion detection anomaly detection shell command Markov chain
收录类别	SCI
语种	英语
WOS研究方向	Engineering
WOS类目	Engineering, Electrical & Electronic
WOS记录号	WOS:000255103200009
出版者	TECHNOLOGY EXCHANGE LIMITED HONG KONG
引用统计	被引频次：5[WOS] [WOS记录] [WOS相关记录]
文献类型	期刊论文
条目标识符	http://119.78.100.204/handle/2XEOYT63/11164
专题	中国科学院计算技术研究所期刊论文_英文
通讯作者	Xinguang, Tian
作者单位	1.Chinese Acad Sci, Inst Comp Technol, Beijing 100080, Peoples R China 2.Beijing Jiaotong Univ, Inst Comp Technol, Beijing 100044, Peoples R China
推荐引用方式 GB/T 7714	Xinguang, Tian,Miyi, Duan,Wenfa, Li,et al. Anomaly detection of user behavior based on shell commands and homogeneous Markov chains[J]. CHINESE JOURNAL OF ELECTRONICS,2008,17(2):231-236.
APA	Xinguang, Tian,Miyi, Duan,Wenfa, Li,&Chunlai, Sun.(2008).Anomaly detection of user behavior based on shell commands and homogeneous Markov chains.CHINESE JOURNAL OF ELECTRONICS,17(2),231-236.
MLA	Xinguang, Tian,et al."Anomaly detection of user behavior based on shell commands and homogeneous Markov chains".CHINESE JOURNAL OF ELECTRONICS 17.2(2008):231-236.