Audit File Reduction Using N-Gram Models
Abstract
While somewhat accurate, current Intrusion Detection Systems (IDSs) are rapidly overwhelmed by contemporary information workloads [1, 2]. This problem stems partly from the amount of repetitive, spurious information that IDSs analyse unnecessarily. Building on this observation, we propose a methodology that can be used to remove a significant amount of such spurious information and thus ease intrusion detection. Throughout our experiments we have considered host-based intrusion detection, using the 1998 DARPA repository [3]. The IDS is thus assumed to make an audit from a set of sessions, each of which is a sequence of system calls and corresponds to one of the following services: telnet, ftp, smtp, finger or echo. The reduction methodology is twofold:
Similar resources
On the Role of Information Compaction to Intrusion Detection
An intrusion detection system (IDS) usually has to analyse gigabytes of audit information. In the case of an anomaly IDS, the information is used to build a user profile characterising normal behaviour, whereas for misuse IDSs it is used to test against known attacks. Probabilistic methods, e.g. hidden Markov models, have proved to be suitable for profile formation but are prohibitively expensive...
Service Discrimination and Audit File Reduction for Effective Intrusion Detection
Current IDSs can be easily overwhelmed by the amount of information they ought to analyse. By pre-processing the information, this paper aims both to alleviate the computational overhead involved in intrusion detection and to make IDSs scalable. Regardless of whether it is a sequence of network packets or a sequence of system calls, the information an IDS analyses is often redundant in at leas...
Design and Implementation of Verifiable Audit Trails for a Versioning File System
We present constructs that create, manage, and verify digital audit trails for versioning file systems. Based upon a small amount of data published to a third party, a file system commits to a version history. At a later date, an auditor uses the published data to verify the contents of the file system at any point in time. Digital audit trails create an analog of the paper audit process for fi...
Localization of Hidden Software Bugs Using Cross-Entropy and N-Gram Models
The aim is to automate the process of bug localization in program source code. The cause of a program failure can best be determined by comparing and analysing the correct and incorrect execution paths generated by running the instrumented program with different failing and passing test cases. To compare and analyse the execution paths, one approach is clustering the paths according to their simil...
Modeling Morphologically Rich Languages Using Split Words and Unstructured Dependencies
We experiment with splitting words into their stem and suffix components for modeling morphologically rich languages. We show that using a morphological analyzer and disambiguator results in a significant perplexity reduction in Turkish. We present flexible n-gram models, FlexGrams, which assume that the n−1 tokens that determine the probability of a given token can be chosen anywhere in the se...
Publication date: 2005