A risk-sensitive intrusion detection model
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Intrusion detection and identification system using data mining and forensic techniques
IWSEC'07 Proceedings of the 2nd international conference on Advances in information and computer security
Building an inter-IDS central analysis platform in the network center of China's central bank
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Detecting the deviations of privileged process execution
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
Randomizing smartphone malware profiles against statistical mining techniques
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
There have been two well-known models for intrusion detection: the Anomaly Intrusion Detection (AID) model and the Misuse Intrusion Detection (MID) model. The former analyzes user behavior and the statistics of a process in normal situations and checks whether the system is being used in a different manner. The latter maintains a database of known intrusion techniques and detects intrusions by comparing a behavior against that database. An intrusion detection method based on an AID model can detect a new intrusion method; however, it needs to update the data describing user behavior and the statistics of normal usage. We call this information profiles. There are several problems in AID to be addressed. The profiles tend to be large, and detecting intrusions needs a large amount of system resources, such as CPU time, memory and disk space. An MID model requires fewer system resources to detect intrusions; however, it cannot detect new, unknown intrusion methods. Our method solves these problems by recording system calls from daemon processes and setuid programs. We improved detection accuracy by adopting a DP matching scheme.
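As an added illustration, not code from the paper, the following shows how a DP matching scheme can compare an observed system-call trace of a daemon with recorded normal profiles: the syscall sequences are constructed, and the edit-distance metric, length normalization and 0.25 threshold are assumptions rather than the paper's parameters.

```python
# Added illustration (not the paper's code): flag deviations in a daemon's
# system-call trace by DP matching (edit distance) against recorded normal profiles.
from typing import Sequence


def dp_distance(a: Sequence[str], b: Sequence[str]) -> int:
    """Levenshtein edit distance between two syscall sequences via dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, sa in enumerate(a, 1):
        cur = [i]
        for j, sb in enumerate(b, 1):
            cost = 0 if sa == sb else 1
            cur.append(min(prev[j] + 1,          # delete sa
                           cur[j - 1] + 1,       # insert sb
                           prev[j - 1] + cost))  # substitute or match
        prev = cur
    return prev[-1]


def match_score(trace: Sequence[str], profiles: Sequence[Sequence[str]]) -> float:
    """Normalized distance to the closest profile (0.0 means identical to a known-normal run)."""
    return min(dp_distance(trace, p) / max(len(trace), len(p)) for p in profiles)


def is_deviation(trace: Sequence[str], profiles: Sequence[Sequence[str]],
                 threshold: float = 0.25) -> bool:
    """Assumed decision rule: a trace further than the threshold from every profile is anomalous."""
    return match_score(trace, profiles) > threshold


# Constructed profiles: syscall sequences recorded from normal runs of a hypothetical daemon.
NORMAL_PROFILES = [
    ["accept", "read", "open", "read", "write", "close", "write", "close"],
    ["accept", "read", "open", "read", "read", "write", "close", "write", "close"],
]

# Constructed observations: a benign variant (one extra write) and a run whose
# request handling is replaced by privilege change and program execution.
BENIGN = ["accept", "read", "open", "read", "write", "write", "close", "write", "close"]
SUSPECT = ["accept", "read", "setuid", "fork", "execve", "write", "close"]

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN), ("suspect", SUSPECT)):
        score = match_score(trace, NORMAL_PROFILES)
        print(f"{name}: score={score:.3f} deviation={is_deviation(trace, NORMAL_PROFILES)}")
```

The benign trace scores 1/9 against both profiles and passes, while the suspect trace is at least four edits from any profile (score 0.5) and is flagged; in practice the threshold would be tuned against false positives on recorded normal runs.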