Learning Temporal Regularities of User Behavior for Anomaly Detection
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
IDS false alarm filtering using KNN classifier
WISA'04 Proceedings of the 5th international conference on Information Security Applications
The fast expansion of inexpensive computer networks has increased the problem of unauthorized access to and tampering with data. In response to increased threats, many intrusion detection systems (IDSs) have been developed to serve as a last line of defense in the overall protection scheme of a computer system. We present an architecture of a hybrid intrusion detection system based on real-time user recognition. The user recognition, which uses online learning, exposes different kinds of misuse attempts that become apparent as anomalous activities in the system. The architecture combines anomaly and misuse intrusion detection in a hybrid system that tries to take advantage of the best practices of both approaches.