Title :
An Intrusion Detection Approach Based on System Call Sequences and Rules Extraction
Author :
Ye Qing ; Wu Xiaoping ; Yan Bo
Author_Institution :
Depart. of Inf. Security, Naval Univ. of Eng., Wuhan, China
Abstract :
Intrusion detection systems protect normal users and system resources from information security threats. Anomaly detection is an approach to intrusion detection that constructs models of the normal behavior of users or systems and detects behaviors that deviate from the model. Monitoring the sequences of system calls generated during the execution of privileged programs is known to be an effective means of anomaly detection. In this paper, an approach to anomaly-based intrusion detection is presented and applied to monitoring the abnormal behavior of processes. The approach is based on rough set theory and is capable of extracting a rule set of minimum size, forming a normal behavior model from the record of system call sequences generated during the normal execution of a process; this model can then detect an abnormal operating status of the process. The normal behavior model is defined in terms of system call sequences, and the detection algorithm is given for the application of rough set theory to intrusion detection. An illustrative example shows that the approach is feasible and effective.
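The normal-behavior model the abstract describes, as an added illustration that is not the paper's own code: the paper extracts its rules with rough set theory, whereas this example substitutes a plain sliding-window rule table (each rule maps the preceding k-1 system calls to the set of next calls seen during normal runs) and scores a new trace by the fraction of windows that violate a rule. The traces, the window length k=3 and the alert threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the paper): system-call names recorded
# during normal runs of a hypothetical privileged program.
NORMAL_TRACES = [
    ["open", "read", "mmap", "mmap", "close", "write", "exit"],
    ["open", "read", "mmap", "close", "write", "exit"],
    ["open", "fstat", "read", "mmap", "close", "write", "exit"],
]


def windows(trace, k):
    """Yield every contiguous window of k system calls from a trace."""
    for i in range(len(trace) - k + 1):
        yield tuple(trace[i:i + k])


def build_rules(traces, k=3):
    """Normal-behavior model: rule = (k-1 preceding calls) -> allowed next calls.

    Identical windows collapse into one rule, so the table holds only the
    distinct rules needed to describe the training traces (a simple stand-in
    for the minimal rule set the paper derives with rough sets)."""
    rules = defaultdict(set)
    for trace in traces:
        for w in windows(trace, k):
            rules[w[:-1]].add(w[-1])
    return dict(rules)


def score_trace(rules, trace, k=3):
    """Count windows whose prefix is unknown or whose next call breaks a rule.

    Returns (mismatches, total_windows, mismatch_ratio)."""
    total = mismatches = 0
    for w in windows(trace, k):
        total += 1
        allowed = rules.get(w[:-1])
        if allowed is None or w[-1] not in allowed:
            mismatches += 1
    return mismatches, total, (mismatches / total if total else 0.0)


def is_anomalous(rules, trace, k=3, threshold=0.2):
    """Flag a trace whose mismatch ratio exceeds the (assumed) threshold."""
    return score_trace(rules, trace, k)[2] > threshold
```

A short, legitimate trace can still produce a high ratio because it has few windows, so in practice the threshold is tuned against a held-out set of normal traces.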
Keywords :
rough set theory; security of data; anomaly detection; information security threats; intrusion detection approach; rough set theory; rules extraction; system call sequences; Computer networks; Data mining; Detection algorithms; Information security; Intrusion detection; Machine learning; Monitoring; Protection; Set theory; Statistics;
Conference_Title :
e-Business and Information System Security (EBISS), 2010 2nd International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-5893-6
Electronic_ISBN :
978-1-4244-5895-0
DOI :
10.1109/EBISS.2010.5473675