  • DocumentCode
    492206
  • Title
    An Anomaly Intrusion Detection Method Based on Shell Commands
  • Author
    Du, Ye ; Wang, Tong
  • Author_Institution
    Sch. of Comput. & Inf. Technol., Beijing Jiaotong Univ., Beijing
  • fYear
    2008
  • fDate
    21-22 Dec. 2008
  • Firstpage
    798
  • Lastpage
    801
  • Abstract
    Intrusion detection has emerged as an important approach to security problems. This paper proposes an effective anomaly detection method that learns behaviour patterns from Unix shell commands. By treating each short shell command sequence as an instance and each observable symbol as a bag containing several instances, the task of detecting abnormal behaviour can be mapped to multiple-instance learning. The KNN algorithm with Euclidean distances is selected as the learning approach, and a new kernel method is proposed to calculate the deviation between normal and intrusive bags. The algorithm is simple and can be applied directly. Experiments demonstrate that the method constructs an accurate and concise discriminator for detecting intrusive actions.
  • Keywords
    geometry; learning (artificial intelligence); security of data; Euclidean distances; Unix shell commands; anomaly intrusion detection method; multiple-instance learning; security problems; Computer security; Data security; Immune system; Information security; Information technology; Intrusion detection; Law; Legal factors; Neural networks; Training data; Euclidean distance; Intrusion detection; K-nearest neighbor; Multiple-instance learning; Shell commands;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Knowledge Acquisition and Modeling Workshop, 2008. KAM Workshop 2008. IEEE International Symposium on
  • Conference_Location
    Wuhan
  • Print_ISBN
    978-1-4244-3530-2
  • Electronic_ISBN
    978-1-4244-3531-9
  • Type
    conf
  • DOI
    10.1109/KAMW.2008.4810611
  • Filename
    4810611