Rule-based integration of multiple measure-models for effective intrusion detection

Sang Jun Han, Sung Bae Cho

Research output: Contribution to journalConference article

4 Citations (Scopus)

Abstract

As the reliance on computers gets higher, security of critical computers becomes more important thing. An IDS detects unauthorized usage and misuses by a local user as well as modification of important data by analyzing system calls, system logs, activation time, and network packets Conventional IDSs based on anomaly detection employ several artificial intelligence techniques to model normal behavior. However, they have the shortcoming that there are undetectable intrusions according to types for each measure and modeling method because each intrusion type makes anomalies at individual measure. In this paper, we propose a multiple-measure intrusion detection method to remedy this drawback of conventional anomaly detector. We measure normal behavior by system calls, resource usage and file access events and build up profiles for normal behavior with hidden Markov model, statistical method and rule-base method, which are integrated with a rule-based approach. Experimental results with real data clearly demonstrate the effectiveness of the proposed method that has significantly low false-positive error rate against various types of intrusion.

Original languageEnglish
Pages (from-to)120-125
Number of pages6
JournalProceedings of the IEEE International Conference on Systems, Man and Cybernetics
Volume1
Publication statusPublished - 2003 Nov 24
EventSystem Security and Assurance - Washington, DC, United States
Duration: 2003 Oct 52003 Oct 8

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'Rule-based integration of multiple measure-models for effective intrusion detection'. Together they form a unique fingerprint.

  • Cite this