Fast intrusion detection based on a non-negative matrix factorization model

Authors:
Xiaohong Guan;Wei Wang;Xiangliang Zhang
Affiliations:
MOE Key Lab for Intelligent Networks and Network Security (KLINNS) and State Key Lab for Manufacturing Systems (SKLMS), Xi'an Jiaotong University, Xi'an 710049, China and Center for Intelligent an ...;MOE Key Lab for Intelligent Networks and Network Security (KLINNS) and State Key Lab for Manufacturing Systems (SKLMS), Xi'an Jiaotong University, Xi'an 710049, China;MOE Key Lab for Intelligent Networks and Network Security (KLINNS) and State Key Lab for Manufacturing Systems (SKLMS), Xi'an Jiaotong University, Xi'an 710049, China
Venue:
Journal of Network and Computer Applications
Year:
2009

Citing 9
Cited 5

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Temporal sequence learning and data reduction for anomaly detection

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Detecting masquerades in intrusion detection based on unpopular commands

Information Processing Letters
Code red worm propagation modeling and analysis

Proceedings of the 9th ACM conference on Computer and communications security
Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Processing of massive audit data streams for real-time anomaly intrusion detection

Computer Communications
Polymorphic worm detection using structural information of executables

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Constructing attribute weights from computer audit data for effective intrusion detection

Journal of Systems and Software
Abstracting audit data for lightweight intrusion detection

ICISS'10 Proceedings of the 6th international conference on Information systems security
An N-Gram and STF-IDF model for masquerade detection in a UNIX environment

Journal in Computer Virology
ASAP: automatic semantics-aware analysis of network payloads

PSDML'10 Proceedings of the international ECML/PKDD conference on Privacy and security issues in data mining and machine learning
RT-MOVICAB-IDS: Addressing real-time intrusion detection

Future Generation Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present an efficient fast anomaly intrusion detection model incorporating a large amount of data from various data sources. A novel method based on non-negative matrix factorization (NMF) is presented to profile program and user behaviors of a computer system. A large amount of high-dimensional data is collected in our experiments and divided into smaller data blocks by a specific scheme. The system call data is divided into blocks by processes, while command data is divided into consecutive blocks with a fixed length. The frequencies of individual elements in each block of data are computed and placed column by column as data vectors to construct a matrix representation. NMF is employed to reduce the high-dimensional data vectors and anomaly detection can be realized as a very simple classifier in low dimensions. Experimental results show that the model presented in this paper is promising in terms of detection accuracy, computation efficiency and implementation for fast intrusion detection.