• DocumentCode
    498394
  • Title

    Anomaly Detection Based on Multi-Attribute Decision

  • Author

    Zeng, QingPeng ; Wu, ShuiXiu

  • Author_Institution
    Sch. of Inf. Eng., NanChang Univ., Nanchang, China
  • Volume
    2
  • fYear
    2009
  • fDate
    19-21 May 2009
  • Firstpage
    394
  • Lastpage
    398
  • Abstract
    Detection of intrusion attacks is an important issue in network security. This paper introduces a new anomaly detection scheme based on a multi-attribute decisional framework. System calls are used to characterize the process's behavior. Data classification is performed by the k-nearest neighbors (kNN) method and the support vector machine (SVM) model. Experiments with KDD Cup 1999 data demonstrate that our proposed method achieves 97.26% in hit rate with a false alarm rate of 6.03% and outperforms the RIPPER method, and the time complexity is linear with the size of the dataset and the number of attributes. Since there is no need to build a profile for each program and check every sequence during the new program execution, the amount of calculation involved is largely reduced.
  • Keywords
    decision theory; pattern classification; security of data; support vector machines; RIPPER method; SVM model; data classification; false alarm rate; intrusion attack anomaly detection scheme; k-nearest neighbor method; kNN method; multiattribute decision theory; network security; process behavior; program execution; repeated incremental pruning-to-produce error reduction; support vector machine; time complexity; Computer security; Data engineering; Data security; Event detection; Information analysis; Information security; Intrusion detection; Monitoring; National security; Pattern analysis; Anomaly Detection; Multi-attribute Decision; RIPPER; k-Nearest Neighbors;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent Systems, 2009. GCIS '09. WRI Global Congress on
  • Conference_Location
    Xiamen
  • Print_ISBN
    978-0-7695-3571-5
  • Type

    conf

  • DOI
    10.1109/GCIS.2009.286
  • Filename
    5209406