Abstract
Intrusion detection systems (IDS) aim to detect attacks against computer systems by monitoring the behavior of users, networks, or computer systems. Attacks against computer systems are still largely successful despite the plenty of intrusion prevention techniques available. This paper presents an IDS based on anomaly detection using several AI techniques. Anomaly detection models normal behaviors and attempts to detect intrusions by noting significant deviations from normal behavior. Raw audit data are preprocessed and reduced into appropriate size and format using Self-Organizing Map (SOM). Different aspects of a sequence of events are modeled by several hidden Markov models (HMMs), and a voting technique combines the models to determine whether current behavior is normal or not. Several experiments are conducted to explore the optimal data reduction and modeling method. For the optimal measures, system call and file access related measures are found useful and overall performance depends on the map size for each measure. Voting technique leads to more reliable detection rate.
| Original language | English |
|---|---|
| Title of host publication | Advances in Artificial Intelligence |
| Subtitle of host publication | PRICAI 2000 Workshop Reader - Four Workshops held at PRICAI 2000, Revised Papers |
| Publisher | Springer Verlag |
| Pages | 31-43 |
| Number of pages | 13 |
| Volume | 2112 |
| ISBN (Print) | 3540425977, 9783540454083 |
| Publication status | Published - 2001 Jan 1 |
| Event | 6th Pacific Rim International Conference on Artificial Intelligence, PRICAI 2000 - Melbourne, Australia Duration: 2000 Aug 28 → 2000 Sep 1 |
Other
| Other | 6th Pacific Rim International Conference on Artificial Intelligence, PRICAI 2000 |
|---|---|
| Country | Australia |
| City | Melbourne |
| Period | 00/8/28 → 00/9/1 |
Fingerprint
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Computer Science(all)
Cite this
}
Anomaly detection of computer usage using artificial intelligence techniques. / Choy, Jongho; Cho, Sung Bae.
Advances in Artificial Intelligence: PRICAI 2000 Workshop Reader - Four Workshops held at PRICAI 2000, Revised Papers. Vol. 2112 Springer Verlag, 2001. p. 31-43.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
TY - GEN
T1 - Anomaly detection of computer usage using artificial intelligence techniques
AU - Choy, Jongho
AU - Cho, Sung Bae
PY - 2001/1/1
Y1 - 2001/1/1
N2 - Intrusion detection systems (IDS) aim to detect attacks against computer systems by monitoring the behavior of users, networks, or computer systems. Attacks against computer systems are still largely successful despite the plenty of intrusion prevention techniques available. This paper presents an IDS based on anomaly detection using several AI techniques. Anomaly detection models normal behaviors and attempts to detect intrusions by noting significant deviations from normal behavior. Raw audit data are preprocessed and reduced into appropriate size and format using Self-Organizing Map (SOM). Different aspects of a sequence of events are modeled by several hidden Markov models (HMMs), and a voting technique combines the models to determine whether current behavior is normal or not. Several experiments are conducted to explore the optimal data reduction and modeling method. For the optimal measures, system call and file access related measures are found useful and overall performance depends on the map size for each measure. Voting technique leads to more reliable detection rate.
AB - Intrusion detection systems (IDS) aim to detect attacks against computer systems by monitoring the behavior of users, networks, or computer systems. Attacks against computer systems are still largely successful despite the plenty of intrusion prevention techniques available. This paper presents an IDS based on anomaly detection using several AI techniques. Anomaly detection models normal behaviors and attempts to detect intrusions by noting significant deviations from normal behavior. Raw audit data are preprocessed and reduced into appropriate size and format using Self-Organizing Map (SOM). Different aspects of a sequence of events are modeled by several hidden Markov models (HMMs), and a voting technique combines the models to determine whether current behavior is normal or not. Several experiments are conducted to explore the optimal data reduction and modeling method. For the optimal measures, system call and file access related measures are found useful and overall performance depends on the map size for each measure. Voting technique leads to more reliable detection rate.
UR - http://www.scopus.com/inward/record.url?scp=72149106875&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=72149106875&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:72149106875
SN - 3540425977
SN - 9783540454083
VL - 2112
SP - 31
EP - 43
BT - Advances in Artificial Intelligence
PB - Springer Verlag
ER -