DocumentCode :
2301619
Title :
Behavior Analysis-Based Learning Framework for Host Level Intrusion Detection
Author :
Qiao, Haiyan ; Peng, Jianfeng ; Feng, Chuan ; Rozenblit, Jerzy W.
Author_Institution :
Dept. of Electr. & Comput. Eng., Arizona Univ., Tucson, AZ
fYear :
2007
fDate :
26-29 March 2007
Firstpage :
441
Lastpage :
447
Abstract :
Machine learning has great utility within the context of network intrusion detection systems. In this paper, a behavior analysis-based learning framework for host level network intrusion detection is proposed, consisting of two parts, anomaly detection and alert verification. The anomaly detection module processes unlabeled data using a clustering algorithm to detect abnormal behaviors. The alert verification module adopts a novel rule learning based mechanism which analyzes the change of system behavior caused by an intrusion to determine whether an attack succeeded and therefore lower the number of false alarms. In this framework, the host behavior is not represented by a single user or program activity; instead, it is represented by a set of factors, called behavior set, so that the host behavior can be described more accurately and completely.
Keywords :
formal verification; learning (artificial intelligence); security of data; alert verification; anomaly detection; behavior analysis-based learning; clustering algorithm; intrusion detection; machine learning; rule learning based mechanism; Change detection algorithms; Clustering algorithms; Computer networks; Data mining; Face detection; Humans; Intrusion detection; Machine learning; Machine learning algorithms; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Engineering of Computer-Based Systems, 2007. ECBS '07. 14th Annual IEEE International Conference and Workshops on the
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2772-8
Type :
conf
DOI :
10.1109/ECBS.2007.23
Filename :
4148961