An introduction to intrusion detection
Crossroads - Special issue on computer security
Intrusion Detection System: Technology and Development
AINA '03 Proceedings of the 17th International Conference on Advanced Information Networking and Applications
Detecting Anomalous and Unknown Intrusions Against Programs
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Statistical Traffic Modeling for Network Intrusion Detection
MASCOTS '00 Proceedings of the 8th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Novelty detection: a review—part 2: neural network based approaches
Signal Processing
| Hi-index | 0.00 |
A new intrusion detection technique to classify program behavior as normal or intrusive by using neural network and clustering pretreatment is presented in this paper. In our method, first, we divided the large samples space into subspace using k-means clustering; second, a set of neural networks are used to study the every subspace for intrusion detection separately. By this way, we can avoid some inherent problems of neural networks, such as the slow speed of convergence and the burden of computation; On the other hand, during subspace training, because program data, which are in the same subspace, have the similar behavior characters, neural networks can quickly recognize normal or anomalous area of input space; We also note that system call frequency is replaced of system call order in this method, program behavior is represented by frequencies of system calls; Experiment with 1998 DARPA BSM audit data has also shown that the method has good performance.