Title :
An Anomaly Intrusion Detection Method Based on Shell Commands
Author :
Du, Ye ; Wang, Tong
Author_Institution :
Sch. of Comput. & Inf. Technol., Beijing Jiaotong Univ., Beijing
Abstract :
Intrusion detection has emerged as an important approach to security problems. This paper proposes an effective anomaly detection method based on Unix shell commands to learn patterns. By looking upon each short shell commands sequence as an instance and each observable symbol as a bag that contains some instances, the task of detecting abnormal behaviors can be mapped as multiple-instance learning. KNN algorithm and Euclidean distances are selected as learning approach and a new kernel method is proposed to calculate the deviation between normal and intrusive bags. The algorithm is simple and can be directly applied. Experiments demonstrate that the method can construct accurate and concise discriminator to detect intrusive actions.
Keywords :
geometry; learning (artificial intelligence); security of data; Euclidean distances; Unix shell commands; anomaly intrusion detection method; multiple-instance learning; security problems; Computer security; Data security; Immune system; Information security; Information technology; Intrusion detection; Law; Legal factors; Neural networks; Training data; Euclidean distance; Intrusion detection; K-nearest neighbor; Multiple-instance learning; Shell commands;
Conference_Titel :
Knowledge Acquisition and Modeling Workshop, 2008. KAM Workshop 2008. IEEE International Symposium on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-3530-2
Electronic_ISBN :
978-1-4244-3531-9
DOI :
10.1109/KAMW.2008.4810611
