State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Communications of the ACM
A new version of the rule induction system LERS
Fundamenta Informaticae
Anomaly detection: a soft computing approach
NSPW '94 Proceedings of the 1994 workshop on New security paradigms
Data mining methods for knowledge discovery
Data mining methods for knowledge discovery
Intrusion detection
Rough set algorithms in classification problem
Rough set methods and applications
Rough Sets: Theoretical Aspects of Reasoning about Data
Rough Sets: Theoretical Aspects of Reasoning about Data
Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse
IEEE Transactions on Software Engineering
Intrusion Detection Using Variable-Length Audit Trail Patterns
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Integrating Data Mining Techniques with Intrusion Detection Methods
Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security
A New Version of Rough Set Exploration System
TSCTC '02 Proceedings of the Third International Conference on Rough Sets and Current Trends in Computing
USTAT: A Real-Time Intrusion Detection System for UNIX
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
STAT -- A State Transition Analysis Tool For Intrusion Detection
STAT -- A State Transition Analysis Tool For Intrusion Detection
NSTAT: A Model-based Real-time Network Intrusion Detection System
NSTAT: A Model-based Real-time Network Intrusion Detection System
The Rough Set Approach to Association Rule Mining
ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection using sequences of system calls
Journal of Computer Security
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Feature selection with rough sets for web page classification
Transactions on Rough Sets II
Use of dimensionality reduction for intrusion detection
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Using RS and SVM to detect new malicious executable codes
RSKT'06 Proceedings of the First international conference on Rough Sets and Knowledge Technology
The Journal of Supercomputing
| Hi-index | 0.00 |
Intrusion Detection system has become the main research focus in the area of information security. Last few years have witnessed a large variety of technique and model to provide increasingly efficient intrusion detection solutions. We advocate here that the intrusive behavior of a process is highly localized characteristics of the process. There are certain smaller episodes in a process that make the process intrusive in an otherwise normal stream. As a result it is unnecessary and most often misleading to consider the whole process in totality and to attempt to characterize its abnormal features. In the present work we establish that subsequences of reasonably small length of sequence of system calls would suffice to identify abnormality in a process. We make use of rough set theory to demonstrate this concept. Rough set theory also facilitates identifying rules for intrusion detection. The main contributions of the paper are the following- (a) It is established that very small subsequence of system call is sufficient to identify intrusive behavior with high accuracy. We demonstrate our result using DARPA'98 BSM data; (b) A rough set based system is developed that can extract rules for intrusion detection; (c) An algorithm is presented that can determine the status of a process as either normal or abnormal on-line.