An Effective HMM-Based Intrusion Detection System with Privilege Change Event Modeling

Authors: Hyuk-Jang Park; Sung-Bae Cho

Venue: PRICAI '02, Proceedings of the 7th Pacific Rim International Conference on Artificial Intelligence: Trends in Artificial Intelligence

Year: 2002


Abstract

Anomaly detection techniques have been devised to address the limitations of the misuse detection approach to intrusion detection. They can abstract information about the normal behaviors of a system and detect attacks regardless of whether or not the system has observed them before. However, they have an inherent difficulty in dealing with the large volume of audit data needed to model normal behaviors. Calculations for each trace in each pass through the training data take O(TS²), where T is the length of the trace in system calls and S is the number of states in the hidden Markov model. In this paper, we propose an effective intrusion detection system (IDS) that improves modeling time and performance by considering only the events of privilege flows, based on domain knowledge of attacks. The proposed privilege change model is evaluated with fixed sequences from BSM data in situations where transitions between UID and EUID occur. A detailed analysis of the attacks reveals that acquiring root privilege can happen not only through a change of user but also through a change of group. To address both cases, the system exploits the privilege flows of both user and group.
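The filtering step the abstract describes, as an added example rather than code from the paper: a constructed BSM-style trace is reduced to the records where the user or group privilege state (UID, EUID, GID, EGID) changes, each transition is turned into a discrete observation symbol an HMM could consume, and the shortened trace length T is compared against the original through the O(TS²) per-pass cost. The record layout, the sample trace and the symbol format are assumptions for illustration.

```python
# Added example (not from the paper): reduce a constructed BSM-style audit trace to the
# privilege-change events the abstract describes (UID/EUID and GID/EGID transitions),
# which shortens the trace length T driving the O(T*S^2) cost of each HMM training pass.
from collections import namedtuple

Rec = namedtuple("Rec", "syscall uid euid gid egid")
FIELDS = ("uid", "euid", "gid", "egid")

# Constructed sample trace: an ordinary user runs a setgid/setuid program and ends up root.
SAMPLE_TRACE = [
    Rec("open",    1000, 1000, 100, 100),
    Rec("read",    1000, 1000, 100, 100),
    Rec("execve",  1000, 1000, 100, 100),
    Rec("setegid", 1000, 1000, 100,   0),  # group privilege escalated first
    Rec("read",    1000, 1000, 100,   0),
    Rec("seteuid", 1000,    0, 100,   0),  # then user privilege
    Rec("write",   1000,    0, 100,   0),
    Rec("setuid",     0,    0, 100,   0),
    Rec("execve",     0,    0, 100,   0),
    Rec("exit",       0,    0, 100,   0),
]

def extract_privilege_flow(trace):
    """Keep only records where (uid, euid, gid, egid) differs from the previous
    record, returning (syscall, before, after) triples in trace order."""
    events, prev = [], None
    for rec in trace:
        cur = (rec.uid, rec.euid, rec.gid, rec.egid)
        if prev is not None and cur != prev:
            events.append((rec.syscall, prev, cur))
        prev = cur
    return events

def symbolize(events):
    """Turn each transition into a discrete HMM observation symbol: the syscall,
    which id fields changed, and whether any of them moved to root (id 0)."""
    symbols = []
    for syscall, before, after in events:
        changed = "+".join(f for f, b, a in zip(FIELDS, before, after) if b != a)
        to_root = any(b != 0 and a == 0 for b, a in zip(before, after))
        symbols.append(f"{syscall}:{changed}:{'root' if to_root else 'nonroot'}")
    return symbols

def pass_cost_ratio(trace, states):
    """How much cheaper one T*S^2 training pass becomes after filtering."""
    full = len(trace) * states ** 2
    reduced = len(extract_privilege_flow(trace)) * states ** 2
    return full / reduced
```

On the sample trace the ten system calls collapse to three privilege-change events, the group escalation being caught before the user escalation, so each training pass costs a third as much for the same number of HMM states.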