Intrusion Detection Applying Machine Learning to Solaris Audit Data
Author:
Abstract
An Intrusion Detection System (IDS) seeks to identify unauthorized access to computer systems' resources and data. The most common analysis tool that these modern systems apply is the operating system audit trail, which provides a fingerprint of system events over time. In this research, the Basic Security Module auditing tool of Sun's Solaris operating environment was used in both an anomaly and a misuse detection approach. The anomaly detector consisted of the statistical likelihood analysis of system calls, while the misuse detector was built with a neural network trained on groupings of system calls. This research demonstrates the potential benefits of combining both aspects of detection in future IDSs to decrease false positive and false negative errors.
Similar sources
A Hybrid Machine Learning Method for Intrusion Detection
Data security is an important area of concern for every computer system owner. An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Already various techniques of artificial intelligence have been used for intrusion detection. The main challenge in this area is the running speed of the available implemen...
Adaptive Intrusion Detection Based on Machine Learning: Feature Extraction, Classifier Construction and Sequential Pattern Prediction
* Corresponding author. This work is supported by the National Natural Science Foundation of China under Grant 60303012 Abstract: In recent years, intrusion detection has emerged as an important technique for network security. Due to the large volumes of security audit data as well as complex and dynamic properties of intrusion behaviors, to optimize the performance of intrusion detection syste...
Machine Learning in Network Intrusion Detection System
During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks, and KDDCUP'99 is the most widely used data set for the evaluation of these systems. As network attacks have increased in number and severity over the past few years, intrusion detection system (IDS) is increasingly becoming a cr...
Toward Lightweight Intrusion Detection System Through Simultaneous Intrinsic Model Identification
Intrusion Detection System (IDS) should guarantee high detection rates with minimum overheads to figure out intrusion detection model and process audit data. The previous approaches have mainly focused on feature selection of audit data and parameters optimization of intrusion detection models. However, feature selection and parameters optimization have been performed in a separate way. Several h...
Formulation of a Heuristic Rule for Misuse and Anomaly Detection for U2R Attacks in Solaris Operating System Environment
This paper proposes a heuristic rule for detection of user-to-root (U2R) attacks against Solaris™ operating system. Relevant features for developing heuristic rules were manually mined using Solaris™ Basic Security Module audit data. The proposed rule was tested on both DARPA 1998 and 1999 intrusion detection datasets. Results show that all user-to-root attacks exploiting the suid program w...
Journal title:
Volume, issue:
Pages: -
Publication date: 1998