Detecting network intrusions by data mining and variable-length sequence pattern matching
Tian Xinguang1,2; Duan Miyi1,2; Sun Chunlai; Liu Xin
2009-04-01
Journal: JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS
ISSN: 1004-4132
Volume: 20; Issue: 2; Pages: 405-411
Abstract: Anomaly detection has been an active research topic in the field of network intrusion detection for many years. A novel method is presented for anomaly detection based on system calls into the kernels of Unix or Linux systems. The method uses the data mining technique to model the normal behavior of a privileged program and uses a variable-length pattern matching algorithm to perform the comparison of the current behavior and historic normal behavior, which is more suitable for this problem than the fixed-length pattern matching algorithm proposed by Forrest et al. At the detection stage, the particularity of the audit data is taken into account, and two alternative schemes could be used to distinguish between normalities and intrusions. The method gives attention to both computational efficiency and detection accuracy and is especially applicable for on-line detection. The performance of the method is evaluated using the typical testing data set, and the results show that it is significantly better than the anomaly detection method based on hidden Markov models proposed by Yan et al. and the method based on fixed-length patterns proposed by Forrest and Hofmeyr. The novel method has been applied to practical host-based intrusion detection systems and achieved high detection performance.
Keywords: intrusion detection; anomaly detection; system call; data mining; variable-length pattern
Indexed by: SCI
Language: English
Funding: National Grand Fundamental Research 973 Program of China [2004CB318109]; National High-Technology Research and Development Plan of China [2006AA01Z452]; National Information Security 242 Program of China [2005C39]
WOS research areas: Automation & Control Systems; Engineering; Operations Research & Management Science
WOS categories: Automation & Control Systems; Engineering, Electrical & Electronic; Operations Research & Management Science
WOS accession number: WOS:000266439400028
Publisher: SYSTEMS ENGINEERING & ELECTRONICS, EDITORIAL DEPT
Citation statistics
Times cited: 4 [WOS]
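Document type: Journal article
Item identifier: http://119.78.100.204/handle/2XEOYT63/11892
Collection: Journal Papers of the Institute of Computing Technology, Chinese Academy of Sciences (English)
Corresponding author: Tian Xinguang
Author affiliations:
1. Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China
2. Beijing Jiaotong Univ, Inst Comp Technol, Beijing 100029, Peoples R China
Recommended citation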
GB/T 7714
Tian Xinguang,Duan Miyi,Sun Chunlai,et al. Detecting network intrusions by data mining and variable-length sequence pattern matching[J]. JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS,2009,20(2):405-411.
APA Tian Xinguang,Duan Miyi,Sun Chunlai,&Liu Xin.(2009).Detecting network intrusions by data mining and variable-length sequence pattern matching.JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS,20(2),405-411.
MLA Tian Xinguang,et al."Detecting network intrusions by data mining and variable-length sequence pattern matching".JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS 20.2(2009):405-411.