DocumentCode :
423328
Title :
An anomaly intrusion detection method using average Hamming distance
Author :
Du, Ye ; Wang, Wi-Qiang ; Pang, Yong-Gang
Author_Institution :
Coll. of Comput. Sci. & Technol., Harbin Eng. Univ., China
Volume :
5
fYear :
2004
fDate :
26-29 Aug. 2004
Firstpage :
2914
Abstract :
Intrusion detection plays a significant role in protecting information security. The existing techniques were analyzed, and then an effective method - AHDAD (average Hamming distance-based anomaly intrusion detection) was proposed to learn patterns of Unix processes. Fixed-length sequences of system calls were extracted from traces of programs, and the AHD (average Hamming distance) was calculated to classify normal and abnormal behaviors. The method has some advantages, such as algorithm simplicity, low overhead of time, high accuracy and real-time detection. Experiments on send-mail traces demonstrate that the method can detect intrusive actions accurately.
Keywords :
Unix; security of data; Unix processes; anomaly intrusion detection method; average Hamming distance; fixed length sequences; information security; real time detection; send mail traces; Computer science; Data mining; Databases; Educational institutions; Hamming distance; Information security; Information systems; Intrusion detection; Pattern analysis; Protection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Machine Learning and Cybernetics, 2004. Proceedings of 2004 International Conference on
Print_ISBN :
0-7803-8403-2
Type :
conf
DOI :
10.1109/ICMLC.2004.1378530
Filename :
1378530