Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection

Authors:
Nong Ye;Syed Masum Emran;Qiang Chen;Sean Vilbert
Affiliations:
-;-;-;-
Venue:
IEEE Transactions on Computers
Year:
2002

Citing 14
Cited 30

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Applied multivariate statistical analysis

Applied multivariate statistical analysis
Network and internetwork security: principles and practice

Network and internetwork security: principles and practice
Network security: private communication in a public world

Network security: private communication in a public world
Classification and detection of computer intrusions

Classification and detection of computer intrusions
Computer immunology

Communications of the ACM
Intrusion detection: network security beyond the firewall

Intrusion detection: network security beyond the firewall
Mining in a data-flow environment: experience in network intrusion detection

KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Towards a taxonomy of intrusion-detection systems

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
DARPA Information Survivability Conference and Exposition: Discex'00, 25-27 January 2000, Hilton Head, South Carolina: Proceedings

DARPA Information Survivability Conference and Exposition: Discex'00, 25-27 January 2000, Hilton Head, South Carolina: Proceedings
Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Learning Program Behavior Profiles for Intrusion Detection

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Experience with EMERALD to Date

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Execution monitoring of security-critical programs in distributed systems: a Specification-based approach

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy

Factor-analysis based anomaly detection and clustering

Decision Support Systems
Network intrusion detection in covariance feature space

Pattern Recognition
K-Means+ID3: A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods

IEEE Transactions on Knowledge and Data Engineering
An overview of anomaly detection techniques: Existing solutions and latest technological trends

Computer Networks: The International Journal of Computer and Telecommunications Networking
Automated visual inspection of ripple defects using wavelet characteristic based multivariate statistical approach

Image and Vision Computing
Detecting Denial-of-Service attacks using the wavelet transform

Computer Communications
Data base support for intrusion detection with honeynets

TELE-INFO'07 Proceedings of the 6th WSEAS Int. Conference on Telecommunications and Informatics
An adaptive automatically tuning intrusion detection system

ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Local anomaly detection for mobile network monitoring

Information Sciences: an International Journal
A Comparative Study of Unsupervised Machine Learning and Data Mining Techniques for Intrusion Detection

MLDM '07 Proceedings of the 5th international conference on Machine Learning and Data Mining in Pattern Recognition
Continuous Time Bayesian Networks for Host Level Network Intrusion Detection

ECML PKDD '08 Proceedings of the European conference on Machine Learning and Knowledge Discovery in Databases - Part II
Intrusion Prevention in Information Systems: Reactive and Proactive Responses

Journal of Management Information Systems
Application of online-training SVMs for real-time intrusion detection with different considerations

Computer Communications
An efficient network intrusion detection

Computer Communications
An integrated approach to network intrusion detection with block clustering analysis, generalised logistic regression and linear discriminant analysis

International Journal of Information and Computer Security
A bidirectional-based DDoS detection mechanism

WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
A hybrid system with multivariate data validation and case base reasoning for an efficient and realistic product formulation

ICCBR'03 Proceedings of the 5th international conference on Case-based reasoning: Research and Development
A novel unsupervised classification approach for network anomaly detection by k-Means clustering and ID3 decision tree learning methods

The Journal of Supercomputing
A Framework for Large-Scale Detection of Web Site Defacements

ACM Transactions on Internet Technology (TOIT)
A cost-based analysis of intrusion detection system configuration under active or passive response

Decision Support Systems
Understanding and evaluating the impact of sampling on anomaly detection techniques

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Network intrusion detection based on system calls and data mining

Frontiers of Computer Science in China
Intrusion detection using continuous time Bayesian networks

Journal of Artificial Intelligence Research
Fusing intrusion data for detection and containment

MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Anomaly detection techniques for a web defacement monitoring service

Expert Systems with Applications: An International Journal
Multivariate correlation analysis technique based on Euclidean distance map for network traffic characterization

ICICS'11 Proceedings of the 13th international conference on Information and communications security
Fuzzy model tuning for intrusion detection systems

ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
A covariance matrix based approach to internet anomaly detection

ICMLC'05 Proceedings of the 4th international conference on Advances in Machine Learning and Cybernetics
An efficient anomaly detection algorithm for vector-based intrusion detection systems

ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing
Classification of Log Files with Limited Labeled Data

Proceedings of Principles, Systems and Applications on IP Telecommunications

Quantified Score

Hi-index	14.98

Visualization

Abstract

Intrusion detection complements prevention mehcanisms, such as firewalls, cryptography, and authentication, to capture intrusions into an information system while they are acting on the information system. Our study investigates a multivariate quality control technique to detect intrusions by building a long-term profile of normal activities in information systems (norm profile) and using the norm profile to detect anomalies. The multivariate quality control technique is based on Hotelling's \rm T^2 test that detects both counterrelationship anomalies and mean-shift anomalies. The performance of the Hotelling's \rm T^2 test is examined on two sets of computer audit data: a small data set and a large multiday data set. Both data sets contain sessions of normal and intrusive activities. For the small data set, the Hotelling's \rm T^2 test signals all the intrusion sessions and produces no false alarms for the normal sessions. For the large data set, the Hotelling's \rm T^2 test signals 92 percent of the intrusion sessions while producing no false alarms for the normal sessions. The performance of the Hotelling's \rm T^2 test is also compared with the performance of a more scalable multivariate technique驴a chi-squared distance test.