Intrusion detection via analysis and modelling of user commands

Authors:
Matthew Gebski;Raymond K. Wong
Affiliations:
National ICT Australia and School of Computer Science & Engineering, University of New South Wales, Sydney, NSW, Australia;National ICT Australia and School of Computer Science & Engineering, University of New South Wales, Sydney, NSW, Australia
Venue:
DaWaK'05 Proceedings of the 7th international conference on Data Warehousing and Knowledge Discovery
Year:
2005

Citing 10
Cited 2

Intrusion detection with neural networks

NIPS '97 Proceedings of the 1997 conference on Advances in neural information processing systems 10
Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
Mimicry attacks on host-based intrusion detection systems

Proceedings of the 9th ACM conference on Computer and communications security
Constructing Suffix Trees On-Line in Linear Time

Proceedings of the IFIP 12th World Computer Congress on Algorithms, Software, Architecture - Information Processing '92, Volume 1 - Volume I
Applying data mining to intrusion detection: the quest for automation, efficiency, and credibility

ACM SIGKDD Explorations Newsletter
Mining intrusion detection alarms for actionable knowledge

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
ADMIT: anomaly-based data mining for intrusions

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Clustering intrusion detection alarms to support root cause analysis

ACM Transactions on Information and System Security (TISSEC)
Selection, combination, and evaluation of effective software sensors for detecting abnormal computer usage

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
User re-authentication via mouse movements

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security

Classification of hidden network streams

DaWaK'06 Proceedings of the 8th international conference on Data Warehousing and Knowledge Discovery
Online Randomization Strategies to Obfuscate User Behavioral Patterns

Journal of Network and Systems Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Since computers have become a mainstay of everyday life, techniques and methods for detecting intrusions as well as protecting systems and data from unwanted parties have received significant attention recently. We focus on detecting improper use of computer systems through the analysis of user command data. Our approach looks at the structure of the commands used and generates a model which can be used to test new commands. This is accompanied by an analysis of the performance of the proposed approach. Although we focus on commands, the techniques presented in this paper can be extended to allow analysis of other data, such as system calls.