The purpose of this study is to describe an efficient deterministic intrusion detection approach that detects both old and new attacks. We focused in particular on detecting the user-to-root (U2R) attacks of the 1999 DARPA evaluation dataset. The main idea of our approach is to test whether an unknown behavior is close enough to a known behavior (attack or normal) that we can conclude it belongs to the same class. To achieve this, we formulate the intrusion detection problem as a linear programming system (LPS). The objective function of this LPS minimizes the distance between an unknown behavior and one of the known behaviors, subject to some constraints. The solution of such a problem is a set of bivalent variables $x_{ij}$. If $x_{ij} = 1$, we can conclude that the unknown behavior $i$ belongs to the class of behaviors $j$. Our experiments demonstrated the efficiency of our approach.