As the information technology grows interests in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, have been raised. In the field of anomaly-based IDS several artificial intelligence techniques are used to model normal behavior. However, there is no perfect detection method so that most of IDSs can detect the limited types of intrusion and suffers from its false alarms. Combining multiple detectors can be a good solution for this problem of conventional anomaly detectors. This paper proposes a detection method that combines multiple detectors using a machine learning technique called decision tree. We use conventional measures for intrusion detection and modeling methods appropriate to each measure. System calls, resource usage and file access events are used to measure user’s behavior and hidden Markov model, statistical method and rule-base method are used to model these measures which are combined with decision tree. Experimental results with real data clearly demonstrate the effectiveness of the proposed method that has significantly low false-positive error rate against various types of intrusion.
|Title of host publication||AI 2003|
|Subtitle of host publication||Advances in Artificial Intelligence - 16th Australian Conference on AI, Proceedings|
|Editors||Tamas D. Gedeon, Lance Chun Che Fung, Tamas D. Gedeon|
|Number of pages||13|
|Publication status||Published - 2003|
|Event||16th Australian Conference on Artificial Intelligence, AI 2003 - Perth, Australia|
Duration: 2003 Dec 3 → 2003 Dec 5
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Other||16th Australian Conference on Artificial Intelligence, AI 2003|
|Period||03/12/3 → 03/12/5|
Bibliographical notePublisher Copyright:
© Springer-Verlag Berlin Heidelberg 2003.
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Computer Science(all)