CLASSIFICATION TREE AND KULLBACK-LEIBLER DISTANCE-BASED DETECTION OF ANOMALOUS INSTRUCTIONS
Keywords:
instruction detection, anomalies, classification tree, relative entropy
Abstract
In recent years, anomaly detection has become an important area for both commercial interests and academic research. The intrusion detection process attempts to detect malicious attacks by examining various data collected during processes on the protected system. The present paper proposes an adaptive approach to anomaly-based intrusion detection that is grounded in classification trees and relative entropy. The major results of the implemented simulation experiments are presented and discussed as well.
License
Articles published in the journal КНК are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.