Title
A fast host-based intrusion detection system using rough set theory
Abstract
Intrusion detection systems have become a main research focus in the area of information security. The last few years have witnessed a large variety of techniques and models that provide increasingly efficient intrusion detection solutions. We advocate here that the intrusive behavior of a process is a highly localized characteristic of the process: there are certain smaller episodes in a process that make the process intrusive in an otherwise normal stream. As a result, it is unnecessary and most often misleading to consider the whole process in totality and to attempt to characterize its abnormal features. In the present work we establish that subsequences of reasonably small length of the sequence of system calls suffice to identify abnormality in a process. We make use of rough set theory to demonstrate this concept; rough set theory also facilitates identifying rules for intrusion detection. The main contributions of the paper are the following: (a) it is established that a very small subsequence of system calls is sufficient to identify intrusive behavior with high accuracy, and we demonstrate our result using DARPA'98 BSM data; (b) a rough set based system is developed that can extract rules for intrusion detection; (c) an algorithm is presented that can determine the status of a process as either normal or abnormal on-line.
Year
2005
DOI
10.1007/11574798_8
Venue
T. Rough Sets
Keywords
main contribution, rough set theory, rough set, intrusive behavior, fast host-based intrusion detection, system call, intrusion detection system, abnormal feature, efficient intrusion detection solution, intrusion detection, whole process, decision table, data mining, anomaly
DocType
Journal
Volume
3700
ISSN
0302-9743
ISBN
3-540-29830-4
Citations
10
PageRank
0.76
References
25
Authors
3

Name             Order   Citations   PageRank
Sanjay Rawat     1       146         10.59
V. P. Gulati     2       257         14.82
Arun K. Pujari   3       420         48.20