Anomaly detection of computer usage using artificial intelligence techniques

Jongho Choy, Sung Bae Cho

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

3 Citations (Scopus)

Abstract

Intrusion detection systems (IDS) aim to detect attacks against computer systems by monitoring the behavior of users, networks, or computer systems. Attacks against computer systems are still largely successful despite the many intrusion prevention techniques available. This paper presents an IDS based on anomaly detection using several AI techniques. Anomaly detection models normal behaviors and attempts to detect intrusions by noting significant deviations from normal behavior. Raw audit data are preprocessed and reduced to an appropriate size and format using a Self-Organizing Map (SOM). Different aspects of a sequence of events are modeled by several hidden Markov models (HMMs), and a voting technique combines the models to determine whether the current behavior is normal or not. Several experiments are conducted to explore the optimal data reduction and modeling method. As for the optimal measures, system call and file access related measures are found to be useful, and overall performance depends on the map size for each measure. The voting technique leads to a more reliable detection rate.

Original language: English
Title of host publication: Advances in Artificial Intelligence
Subtitle of host publication: PRICAI 2000 Workshop Reader - Four Workshops held at PRICAI 2000, Revised Papers
Publisher: Springer Verlag
Pages: 31-43
Number of pages: 13
Volume: 2112
ISBN (Print): 3540425977, 9783540454083
Publication status: Published - 2001 Jan 1
Event: 6th Pacific Rim International Conference on Artificial Intelligence, PRICAI 2000 - Melbourne, Australia
Duration: 2000 Aug 28 - 2000 Sep 1

Other

Other: 6th Pacific Rim International Conference on Artificial Intelligence, PRICAI 2000
Country: Australia
City: Melbourne
Period: 00/8/28 - 00/9/1

Fingerprint

Anomaly Detection
Artificial intelligence
Computer systems
Intrusion detection
Voting
Self organizing maps
Hidden Markov models
Computer networks
Attack
Data structures
Data reduction
Audit
Data Modeling
Self-organizing Map
Reduction Method
Modeling Method
Markov Model

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Choy, J., & Cho, S. B. (2001). Anomaly detection of computer usage using artificial intelligence techniques. In Advances in Artificial Intelligence: PRICAI 2000 Workshop Reader - Four Workshops held at PRICAI 2000, Revised Papers (Vol. 2112, pp. 31-43). Springer Verlag.
@inproceedings{85fa6d93d8194941921867466ece12a1,
title = "Anomaly detection of computer usage using artificial intelligence techniques",
abstract = "Intrusion detection systems (IDS) aim to detect attacks against computer systems by monitoring the behavior of users, networks, or computer systems. Attacks against computer systems are still largely successful despite the plenty of intrusion prevention techniques available. This paper presents an IDS based on anomaly detection using several AI techniques. Anomaly detection models normal behaviors and attempts to detect intrusions by noting significant deviations from normal behavior. Raw audit data are preprocessed and reduced into appropriate size and format using Self-Organizing Map (SOM). Different aspects of a sequence of events are modeled by several hidden Markov models (HMMs), and a voting technique combines the models to determine whether current behavior is normal or not. Several experiments are conducted to explore the optimal data reduction and modeling method. For the optimal measures, system call and file access related measures are found useful and overall performance depends on the map size for each measure. Voting technique leads to more reliable detection rate.",
author = "Jongho Choy and Cho, {Sung Bae}",
year = "2001",
month = "1",
day = "1",
language = "English",
isbn = "3540425977",
volume = "2112",
pages = "31--43",
booktitle = "Advances in Artificial Intelligence",
publisher = "Springer Verlag",
address = "Germany",

}
