DocumentCode :
2253629
Title :
Potential application of training based computation to intrusion detection
Author :
Imamura, Kosuke ; Smith, Kris
Author_Institution :
Dept. of Comput. Sci., Eastern Washington Univ., Cheney, WA, USA
Volume :
1
fYear :
2004
fDate :
25-29 July 2004
Firstpage :
411
Abstract :
Without detection of a network intrusion, a system is not capable of properly defending itself. Therefore, the first step in preserving system integrity is to detect whether or not the system is under attack. We initiated a research project that utilizes training based computation for network intrusion detection. The goal of this project is to defend the system from unknown attacks. Packet analysis approaches are effective at detecting known attacks, but fail at unknown attack detection. In order to protect the system from unknown attacks, we need to develop a classifier system which is independent of the signatures found in network packets. One of the promising ways to perform this classification is to profile kernel level activities. We apply a probabilistically optimal classifier ensemble method to monitor kernel activity, and ultimately to predict whether or not the system is under attack.
Keywords :
learning (artificial intelligence); probability; security of data; network intrusion detection; packet analysis; probabilistically optimal classifier ensemble method; profile kernel level activities; system integrity; training based computation; unknown attack detection; Computer networks; Diversity reception; Error analysis; Fault tolerance; Genetic programming; Intrusion detection; Kernel; Protection; Testing; Voting;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Fuzzy Systems, 2004. Proceedings. 2004 IEEE International Conference on
ISSN :
1098-7584
Print_ISBN :
0-7803-8353-2
Type :
conf
DOI :
10.1109/FUZZY.2004.1375760
Filename :
1375760