Title :
Anomaly Detection Based on Multi-Attribute Decision
Author :
Zeng, QingPeng ; Wu, ShuiXiu
Author_Institution :
Sch. of Inf. Eng., NanChang Univ., Nanchang, China
Abstract :
Detection of intrusion attacks is an important issue in network security. This paper introduces a new anomaly detection scheme based on a multi-attribute decisional framework. System calls are used to characterize the process's behavior. The data classification is performed by the k-nearest neighbors (kNN) method and the support vector machines (SVM) model. The experiments with KDD Cup 1999 data demonstrate that our proposed method achieves a 97.26% hit rate with a false alarm rate of 6.03% and outperforms the RIPPER method, and the time complexity is linear in the size of the dataset and the number of attributes. Since there is no need to build a profile for each program and check every sequence during new program execution, the amount of calculation involved is largely reduced.
Keywords :
decision theory; pattern classification; security of data; support vector machines; RIPPER method; SVM model; data classification; false alarm rate; intrusion attack anomaly detection scheme; k-nearest neighbor method; kNN method; multiattribute decision theory; network security; process behavior; program execution; repeated incremental pruning-to-produce error reduction; support vector machine; time complexity; Computer security; Data engineering; Data security; Event detection; Information analysis; Information security; Intrusion detection; Monitoring; National security; Pattern analysis; Anomaly Detection; Multi-attribute Decision; RIPPER; k-Nearest Neighbors;
Conference_Title :
Intelligent Systems, 2009. GCIS '09. WRI Global Congress on
Conference_Location :
Xiamen
Print_ISBN :
978-0-7695-3571-5
DOI :
10.1109/GCIS.2009.286