• DocumentCode
    423328
  • Title

    An anomaly intrusion detection method using average Hamming distance

  • Author

    Du, Ye ; Wang, Wi-Qiang ; Pang, Yong-Gang

  • Author_Institution
    Coll. of Comput. Sci. & Technol., Harbin Eng. Univ., China
  • Volume
    5
  • fYear
    2004
  • fDate
    26-29 Aug. 2004
  • Firstpage
    2914
  • Abstract
    Intrusion detection plays a significant role in protecting information security. Existing techniques were analyzed, and an effective method, AHDAD (average Hamming distance-based anomaly intrusion detection), was proposed to learn patterns of Unix processes. Fixed-length sequences of system calls were extracted from program traces, and the AHD (average Hamming distance) was calculated to classify normal and abnormal behaviors. The method has several advantages, including algorithmic simplicity, low time overhead, high accuracy and real-time detection. Experiments on sendmail traces demonstrate that the method can detect intrusive actions accurately.
  • Keywords
    Unix; security of data; Unix processes; anomaly intrusion detection method; average Hamming distance; fixed length sequences; information security; real time detection; send mail traces; Computer science; Data mining; Databases; Educational institutions; Hamming distance; Information security; Information systems; Intrusion detection; Pattern analysis; Protection;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Machine Learning and Cybernetics, 2004. Proceedings of 2004 International Conference on
  • Print_ISBN
    0-7803-8403-2
  • Type

    conf

  • DOI
    10.1109/ICMLC.2004.1378530
  • Filename
    1378530