Intrusion detection is an important technique in the defense-in-depth network security framework. Most current intrusion detection models lack the ability to process massive audit data streams for real-time anomaly detection. In this paper, we present an effective anomaly intrusion detection model based on Principal Component Analysis (PCA). Because it relies on the frequency property of audit events rather than on their transition or correlation properties, the model is better suited to high-speed, real-time processing of massive data streams from various data sources. It can serve as a general framework within which a practical Intrusion Detection System (IDS) can be implemented in various computing environments. In this method, a multi-pronged anomaly detection model is used to monitor various computer system and network behaviors. Three sources of data are used to validate the model and the method: system call data from the University of New Mexico (lpr) and from the KLINNS Lab of Xi'an Jiaotong University (ftp), shell command data from AT&T Research Laboratory, and network data from MIT Lincoln Lab. The frequencies of the individual system calls generated by one process, of the individual commands embedded in one command block, and of the features extracted from one network connection are transformed into an input data vector. Our method reduces these high-dimensional data vectors, so detection is carried out in a lower dimension with high efficiency and low use of system resources. The distance between a vector and its reconstruction in the reduced subspace is used for anomaly detection. Empirical results show that our model is promising in terms of detection accuracy and computational efficiency, and thus amenable to real-time intrusion detection.
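A minimal sketch of the pipeline the abstract describes (per-process system call frequency vector, PCA reduction on normal data, reconstruction distance as the anomaly score), written as an added example and not code from the paper; the system call names, the counts, the choice of k=2 components and the threshold rule are all assumptions made for illustration.

```python
import numpy as np

# Constructed sample data: each row is the frequency vector of system calls
# observed in one process (columns follow SYSCALLS). The counts are invented
# for illustration and are not taken from the paper's lpr or ftp data sets.
SYSCALLS = ["read", "write", "open", "close", "mmap", "execve"]
rng = np.random.default_rng(7)
BASE = np.array([40, 30, 10, 10, 2, 1], dtype=float)
NORMAL_TRAIN = np.clip(BASE + rng.normal(0, 1.5, size=(60, len(SYSCALLS))), 0, None)


def fit_pca(train, k):
    """Learn the mean and the top-k principal directions from normal data."""
    mean = train.mean(axis=0)
    centered = train - mean
    # Rows of vt are the principal axes, ordered by decreasing variance.
    _, _, vt = np.linalg.svd(centered, full_matrices=False)
    return mean, vt[:k]


def reconstruction_error(x, mean, comps):
    """Squared distance between x and its projection onto the PCA subspace."""
    centered = np.asarray(x, dtype=float) - mean
    projected = centered @ comps.T @ comps
    return float(np.sum((centered - projected) ** 2))


def fit_threshold(train, mean, comps, margin=1.5):
    """Assumed rule: largest training reconstruction error times a margin."""
    errs = [reconstruction_error(row, mean, comps) for row in train]
    return max(errs) * margin


def is_anomalous(x, mean, comps, threshold):
    """Flag a process whose frequency vector lies far from the normal subspace."""
    return reconstruction_error(x, mean, comps) > threshold


if __name__ == "__main__":
    mean, comps = fit_pca(NORMAL_TRAIN, k=2)
    thr = fit_threshold(NORMAL_TRAIN, mean, comps)
    # A process dominated by mmap/execve rather than read/write is flagged.
    print(is_anomalous([40, 30, 10, 10, 2, 1], mean, comps, thr))   # False
    print(is_anomalous([5, 5, 30, 30, 50, 40], mean, comps, thr))   # True
```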