DocumentCode :
2354565
Title :
Anomaly-Based Intrusion Detection System Sharing Normal Behavior Databases among Different Machines
Author :
Ohtahara, Sho ; Kamiyama, Takayuki ; Oyama, Yoshihiro
Author_Institution :
Dept. of Comput. Sci., Univ. of Electro-Commun., Chofu, Japan
Volume :
1
fYear :
2009
fDate :
11-14 Oct. 2009
Firstpage :
217
Lastpage :
222
Abstract :
A number of studies have examined anomaly detection systems based on training of system call sequences in the normal execution of applications. However, many of these anomaly detection systems have low detection accuracy when the training is not sufficient. This occurs because the normal behavior data obtained through training on one machine cannot be used for detection on another machine. In this paper, we propose an anomaly detection system that shares normal behavior data between multiple machines. In the proposed system, normal behavior data obtained on each machine is accumulated in a server and the integrated data is distributed to each machine. This system improves the detection accuracy by integrating the data used for anomaly detection on each machine. The proposed system not only provides a straightforward algorithm for integration, but also two improved algorithms, namely, the majority algorithm and the similarity algorithm. The proposed system was implemented on the Linux operating system, and its behavior was compared experimentally with that of an existing system.
Keywords :
Linux; database management systems; operating systems (computers); security of data; Linux operating system; anomaly-based intrusion detection system; normal behavior databases; system call sequences; Application software; Computer science; Databases; Event detection; Fault detection; Information technology; Intrusion detection; Linux; Monitoring; Operating systems; intrusion detection systems; security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer and Information Technology, 2009. CIT '09. Ninth IEEE International Conference on
Conference_Location :
Xiamen
Print_ISBN :
978-0-7695-3836-5
Type :
conf
DOI :
10.1109/CIT.2009.67
Filename :
5329496